Chris, Have you considered approaching upper management with a basic cost/benefit analysis? Obviously, if you can't justify the cost of replacing their favorite products with more secure alternatives, your project is doomed from the beginning. It doesn't matter if Outlook Express is the most vulnerability-ridden application ever written and it exposes the company president to loss of all his personal data on his work system. If he doesn't see cost savings (plus comparable functionality and ease of use) by moving to a more secure email reader, he's not going to change.
If you can justify the changes by showing management that the cost of exploitation justifies action (it may or may not, depending upon your organization), then you have a chance, provided you can also show that the cost of securing and managing the current environment (Action alternative 1) sufficiently exceeds the cost of replaing current applications with more secure applications (Action alternative 2). In the scenario you're describing in this post, simply focusing on security will fail. Not only will you continue to have what you consider an unsafe (and possibly unmanageable) environment, you will generate enough animosity that future projects will be difficult, if not impossible, to implement. You must give equal weight to application functionality and to the willingness of your management teams to follow your lead. Charlie Chris Berry wrote: > >From: "Dan Bartley" <[EMAIL PROTECTED]> > >I would love to try this again without causing my point to get lost > >somewhere else :-) <snip> > >The whole approach has worked very well. Employees no longer ask for > >things unless they have researched the need and the application first on > >their own. They then trust that we will take a serious look at it and > >their information. They also trust that if it ends up being denied there > >will be a legitimate reason and we will offer a suggestion for an > >alternative. > > > >Best Regards, > > > >Dan Bartley > > That sounds like a good way to go about things, however at my location upper > management is the problem, they're the ones wanting to use insecure software > with no restrictions or lockdown, and part of my project was to look for > ammunition to fight against that tendency. I'm trying to change the > mentality from "I need X software, do it or else" to "I need to do X task, > can you recommend and set up something to care of this" > > Chris Berry > [EMAIL PROTECTED] > Systems Administrator > JM Associates > > "Encrypt everything, and ask questions later." > > _________________________________________________________________ > Help STOP SPAM with the new MSN 8 and get 2 months FREE* > http://join.msn.com/?page=features/junkmail > > --------------------------------------------------------------------------- > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > ---------------------------------------------------------------------------- -- E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized state official. -- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
