On Oct 5, 2010, at 4:27 PM, Scott Ribe wrote:
> On Oct 5, 2010, at 2:19 PM, Bart Silverstrim wrote:
>
>> I just think that sometimes companies go out of their way for wacky
>> scenarios that really shouldn't be much of a concern in the first place
>> while leaving open other more obvious routes of penetration, and forgetting
>> their biggest security weakness is their users.
>
> I think it's more the "auditors", consultants & lawyers who do that. IT just
> has to make the point-haired boss happy after the outsiders get through
> scaring him with silly apocrypha about compliance.

Having dealt with my fair share of audits over the last 25+ years I can say that when they present such a challenge or "risk" all you need to do is counter it with a response doc that mitigates the risk. (Or in this case explains why the scenario is fanciful and extremely low risk.) That's easier than engineering a solution to a problem that won't occur.

-d

------------------------------------------------------------------------
Dan Shoop
Computer Scientist
[email protected]
GoogleVoice: 1-646-402-5293
aim: iWiring
twitter: @colonelmode
