× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Why would the CE need that access all the time ?

Good question. Sounds a little historic.

This is my opinion only, not necessarily fact, and I have not read the
report only the article. No offense to -anyone- and here is my view:
We've all had the math problem about finding the population
/distributions of sets - I will leave it at that as far as describing
what "I" think is a sample that applies to what I see in the field.
Additionally, the audience of such a report contains the best of the
best, so I did not think anyone worthy of the responsibility would
misinterpret ANYTHING reported.  Like so many others, I have
scrutinized what is reported for years, you become adept at
assimilating real content / value at hand - fast and getting your own
facts to continue forward or simply know that it is not your cup of
tea.

A truly secure org would not give permission for such a report or even
run the software for the purpose of outside entity reporting unless
for compliance, which was not mentioned. That population may be
omitted altogether. Therefore, I conclude that the article is for
management fright effect/wake-up call, since no one else cares. Now we
have: -CONTEXT.  I know this is an emotional topic (and it should not
be) but the recent posts about the unreported side of the house are in
line with my observations. Excluding vendors with accepted risk boxes
for clients, the current picture seems to be that I can not get in
anywhere without VPN.
This means the problem is entirely composed of internal users and controllable.
They sign the employment agreement for responsible behavior with
corporate assets. The set of sec issues at risk seemingly will be
accidental/lack of knowledge in origin excluding VPN hackers and lost
portables. The disgruntled element of risk is enough to justify
uniformity of all the systems -yes but it seems we tend to cap the
bottle with VPN rather than apply security uniformly.

As a side note, I think IBM and ALL OS vendors have done a terrible
job at making this an easily managed asset. It is ridiculous that we
have to try so hard to see what users might be able to peek at
payroll. It has ALWAYS been this way and has not improved much. Of
course, we expect a lot sometimes, it's not as simple as a telephone
or water meter in the yard and it helps keep people like me busy.

Is i5 security simply a matter of internal priorities?  And the focus
of the article perhaps far too narrow. Would it not be more credible
with two sources one being the audit team or enterprise assessment
rather than an i5 only audit?
Might the real question(s) be:
#1 - Is the reason that i5 is neglected because it is not problematic,
out of scope - year after year? In that same meeting everyone notes
concerns about the weekly Microsoft catastrophe?
-Squeaky wheel gets the grease.

#2-Is the reason because it is too complex and they have not loaded
software to manage the solution?
-Hardly, you get what you pay for.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.