Why would the CE need that access all the time?
Good question. Sounds a little historic.

This is my opinion only, not necessarily fact, and I have not read the report, only the article. No offense to -anyone- and here is my view: We've all had the math problem about finding the population/distributions of sets - I will leave it at that as far as describing what "I" think is a sample that applies to what I see in the field. Additionally, the audience of such a report contains the best of the best, so I did not think anyone worthy of the responsibility would misinterpret ANYTHING reported. Like so many others, I have scrutinized what is reported for years; you become adept at assimilating real content/value at hand - fast and getting your own facts to continue forward or simply know that it is not your cup of tea.

A truly secure org would not give permission for such a report or even run the software for the purpose of outside entity reporting unless for compliance, which was not mentioned. That population may be omitted altogether. Therefore, I conclude that the article is for management fright effect/wake-up call, since no one else cares.

Now we have: -CONTEXT. I know this is an emotional topic (and it should not be) but the recent posts about the unreported side of the house are in line with my observations. Excluding vendors with accepted risk boxes for clients, the current picture seems to be that I cannot get in anywhere without VPN. This means the problem is entirely composed of internal users and controllable. They sign the employment agreement for responsible behavior with corporate assets. The set of sec issues at risk seemingly will be accidental/lack of knowledge in origin excluding VPN hackers and lost portables. The disgruntled element of risk is enough to justify uniformity of all the systems -yes but it seems we tend to cap the bottle with VPN rather than apply security uniformly.

As a side note, I think IBM and ALL OS vendors have done a terrible job at making this an easily managed asset. It is ridiculous that we have to try so hard to see what users might be able to peek at payroll. It has ALWAYS been this way and has not improved much. Of course, we expect a lot sometimes, it's not as simple as a telephone or water meter in the yard and it helps keep people like me busy.

Is i5 security simply a matter of internal priorities? And the focus of the article perhaps far too narrow. Would it not be more credible with two sources, one being the audit team or enterprise assessment rather than an i5 only audit? Might the real question(s) be:

#1 - Is the reason that i5 is neglected because it is not problematic, out of scope - year after year? In that same meeting everyone notes concerns about the weekly Microsoft catastrophe? -Squeaky wheel gets the grease.

#2 - Is the reason because it is too complex and they have not loaded software to manage the solution? -Hardly, you get what you pay for.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.