On Thu, Apr 15, 2010 at 4:37 PM, Brian Clark <[email protected]> wrote:
> After a long week doing a SBS migration I didn't know how to take this
> article and needed to share it!!

Long-winded. Slightly sensationalist. For all he beaks about security people not having hard data to back up their advice, he doesn't present hard data to back up his advice.

That said, there are some good points to make:

Cost/benefit (ROI) is the end-all, be-all of everything. First, last, and always. Everything has a cost. The Laws of Thermodynamics tell us this, and you cannot escape it. Ever. If your planning doesn't take cost/benefit into account, you're going to lose.

More specifically: "There's no such thing as security; only managed risk." Security measures should be intended to counter specific threats. The reduction in risk should justify the cost.

More specifically still: Some of the rules I've seen about how often one should change one's password are ridiculous. Every 90 or 30 days? Seriously? I would much rather someone craft a strong password and change it less often, than resort to writing them down or choosing weak or systematic passwords because they are forced to change them so often. If you really are *that* scared of password cracking, you shouldn't be using passwords at all.

-- Ben
