I think another problem is that sysadms are, generally, not good at
business maths. Normally the only thing that a PHB understands is the
bottom line. If sysadms could put forward a case for the TCO of a
product, and it has to be a case that has realistic, demonstratble,
figures, not one plucked from thin air, then they will present a more
credible case.
The problem with expenditure on security is like the problem of
expenditure on insurance - it's a straight expense unless/until you need
to fall back on it.
Mind you there are still some PHBs who persist in ignoring the bottom
line, often because they are in a position to supplement their own bottom
line at the expense of IT's.
--
Howard.
______________________________________________________
LANNet Computing Associates <http://www.lannet.com.au>
On Thu, 24 Aug 2000, Rachel Polanskis wrote:
>
> The problem with this argument is that users often ask for things that
> are not appropriate or they ask for things that while not impossible to
> accomplish may end up occupying a lot more resources than available.
>
> Quite the opposite!
> Programmers and admins *should not* cater for the needs of users.
> Instead they should be advising the users on what
> the appropriate technologies are and then directing them towards the
> required outcome. Otherwise you will end up with users wasting the
> time of the IT staff and also probably having unreal expectations of the
> IT staff's own capabilities. You will also find the admins having to
> deal with software and technologies that they are either unprepared for
> or cause them pull hair out or pass comment like "Did they really pay $10000
> for this <insert product here>?".
>
> Users often expect their needs to be dealt with in advance of that
> of the enterprise as well - security is one issue here. When it comes down
> to making things "simpler" for the poor little cherubs security is one of the
> first things that gets diluted. This is sub-optimal in any IT dept these
> days. When I see/hear of an IT dept that lets their users get away with
> security loopholes ("because it makes it easier"), it's only a step away
> from a lawsuit or a cracker attack. It is generally a good indicator
> that there will be other systemic problems elsewhere in the IT infrastructure.
>
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
