This has become an interesting topic :-)
The need to strike a balance between compliance and security is one thing, along with the nature or type of infrastructure, whether it's for SOX, PCI, HIPAA, etc. And there are a lot more types of compliance that are not too common because of the nature of the business, which does not necessarily involve a web presence or personal data databases.
I have no arguments with all the comments here because, one way or the other, I have expressed the same views, comments and opinions. One top security consultant in the US I worked with has seen 100% compliant companies fail an audit and some with loopholes pass. Auditors treat them with a grain of salt for the comments they made. Most of the time they are not experts in our field, and there are reasons for that. Some of them have not seen source code, and are not flag-waving CISSPs or holders of any other certifications at all. Worse, they could be lawyers who are auditing by throwing the book. They tell us what to do, and that keeps us busy and employed. Regulations will keep us securely employed; otherwise nobody will need us anymore.
Tito Mari Francis Escaño <[email protected]> wrote:
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph