The three laws of thermodynamics: 1) You can't win 2) You can't break even 3) You can't get out of the game
Heh.

On Thu, Apr 15, 2010 at 14:36, Ben Scott <[email protected]> wrote:
> On Thu, Apr 15, 2010 at 4:37 PM, Brian Clark <[email protected]> wrote:
>> After a long week doing an SBS migration I didn't know how to take this
>> article and needed to share it!!
>
> Long winded. Slightly sensationalist. For all he beaks about
> security people not having hard data to back up their advice, he
> doesn't present hard data to back up his advice.
>
> That said, there are some good points to make:
>
> Cost/benefit (ROI) is the end-all, be-all of everything. First,
> last, and always. Everything has a cost. The Laws of Thermodynamics
> tell us this, and you cannot escape it. Ever. If your planning
> doesn't take cost/benefit into account, you're going to lose.
>
> More specifically: "There's no such thing as security; only managed
> risk." Security measures should be intended to counter specific
> threats. The reduction in risk should justify the cost.
>
> More specifically still: Some of the rules I've seen about how often
> one should change one's password are ridiculous. Every 90 or 30 days?
> Seriously? I would much rather someone craft a strong password and
> change it less often, than resort to writing them down or choosing
> weak or systematic passwords because they are forced to change them so
> often. If you really are *that* scared of password cracking, you
> shouldn't be using passwords at all.
>
> -- Ben
