> In our business this is required.  There are workarounds but we
believe in
> progress and will not hire people to do things that can be
automated.  Look
> at it this way - which is a bigger security risk:  a buried
password only
> available programmatically, or yet another walking talking
individual who
> gives the password out to his/her supervisor when asked?

It's worth noting that "Proper Security" is in the eye of the
beholder.  What I may view as minimal requirements, you could
view as burdonsome beuacracy - and we're both right provided that
everybody walks into the game with their eyes open.  If you are
fully aware of the risks and choose not to spend resources
addressing them, that could well be the right business decision
for your company.  Some industries move so fast that the time it
takes to "Properly Secure" something becomes a business risk
factor of it's own.

As long as everyone understands what is being risked, and makes
informed business decisions based on solid information, I think
you could call yourself "Properly Secured" for your environment.

It's when people are operating on little, or bad, information
that security issues are most costly.  If you don't understand
the risks, you're not really ready to accept them.


John Earl
The Powertech Group
Kent, Washington, USA       +1 253-872-7788

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.