On Wed, May 29, 2013 at 6:14 PM, Zak Elep <[email protected]> wrote: > On Wed, May 29, 2013 at 3:53 PM, [email protected] > <[email protected]> wrote: > > On Wed, May 29, 2013 at 3:32 PM, Zak Elep <[email protected]> wrote: > >> > >> Time to kick the asses of those "auditors" then :P > > > > LOL easier said than done. Compliance is a very powerful business > motivator. > > Pretty easy when you can demonstrate other business motivators can > override it (e.g. manglement wants it now na, no questions!, or you > have incompetent IT equivalents on the other side "complying" to an > objectively stupid standard, etc, etc.) > > Compliance is only good in stuff where you don't have anything better; > in OP's case though, there ought to be some stuff other than ClamAV > (not surprisingly, on the proprietary side,) that can appease the > auditors. Since money will be always in play in this discussion, the > question becomes one of minimizing cost to maximize compliance, in a > given urgency. > >
You know very well what you posted is personal opinion and won't make sense to any high grade requirement like sox :-) I recall in my previous work, our deployment to comply with ISO 27002 is Kaspersky Anyway,
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
