[2292] in WWW Security List Archive
Re: Need a Security Consultant
daemon@ATHENA.MIT.EDU (Adam Shostack)
Sat Jun 29 21:52:13 1996
From: Adam Shostack <adam@homeport.org>
To: CDAVIDSO@IS.NMH.NMH.ORG (Davidson, Clyde)
Date: Sat, 29 Jun 1996 20:07:35 -0500 (EST)
Cc: www-security@ns2.rutgers.edu, secbydes@thoughtport.com
In-Reply-To: <199606271515.KAA01939@yeager.nmh.org> from "Davidson, Clyde" at Jun 27, 96 10:18:00 am
Errors-To: owner-www-security@ns2.rutgers.edu
Davidson, Clyde wrote:
| You have a good point.
|
| Also, I am an Information Security Officer and I think that "highly
| secure" and "cost-effective" are mutually exclusive terms in data
| security. Not that you don't.
Cost-effective is a matter of what you're protecting. If your
security isn't cost-effective, then thats a problem. There are times
when its easier to eat the loss than provide real security. Witness
the cell phone industry in the US, where NSA/FBI fears of private
conversations cost the industry 20% of its income.
Also, I wanted to mention that TIS does consulting.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
