There are *some* instances of that, to be sure. But there are more instances where there are 5 holes to fix, and there's only a desire to fix 1.
Of course, when one of the other 4 is exploited, the question becomes "how come we didn't take care of this sooner?"

IT: We have 5 issues
Exec: Well, we can only address 2
IT: 2 is not enough
Exec: It's what we have to work with. Prioritize them
IT: Okay, vulnerabilities 1 and 4 are the most likely to be hit.
Exec: Why does it cost so much? If it's that critical, why haven't we been hit already? Fine... Take care of 1 and 4

*Time Passes*

Exec: How come we got hit by 2 and 3?
IT: I told you that all 5 were needed
Exec: How quickly can you get it fixed?
IT: We have to assess the damage, and determine what the full remediation will be
Exec: sigh...

Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Jeff Brown <[email protected]>
Date: Fri, 18 Dec 2009 09:46:40
To: NT System Admin Issues<[email protected]>
Subject: Re: This just in...

Sometimes I think the guys who know the most about security do the most damage. I have seen a couple of situations where a company would have made incremental changes to improve security, but the consultant presented a doomsday recommendation that suggested that EVERYTHING was broke/bad/dangerous and it all had to be corrected IMMEDIATELY! In both cases they chose to do nothing.

On Fri, Dec 18, 2009 at 9:34 AM, Andrew S. Baker <[email protected]> wrote:

> Let's face it. Most people and enterprises simply pay lip service to
> information security until it's too late, or there has been a breach of some
> sort.
>
> The bulk of resources go into features and functionality that are
> non-security related. It's all about chasing revenue.
>
> Perhaps we'll learn by the 2020's (the decade of hindsight)
>
> *ASB* (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
> *Providing Competitive Advantage through Effective IT Leadership*
>
> On Fri, Dec 18, 2009 at 10:15 AM, David Lum <[email protected]> wrote:
>
>> Well, a couple hours ago
>>
>> http://news.cnet.com/8301-13577_3-10418270-36.html?tag=mncol;title
>>
>> *David Lum* // SYSTEMS ENGINEER
>> NORTHWEST EVALUATION ASSOCIATION
>> (Desk) 971.222.1025 // (Cell) 503.267.9764
