[46481] in North American Network Operators' Group
Re: How to get better security people
daemon@ATHENA.MIT.EDU (blitz)
Fri Mar 29 20:44:48 2002
Message-Id: <5.1.0.14.2.20020329204353.03615a50@mail.macronet.net>
Date: Fri, 29 Mar 2002 20:44:02 -0500
To: nanog@merit.edu
From: blitz <blitz@macronet.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: owner-nanog-outgoing@merit.edu
>Problem is, some feces for brains boss is always going to come along and
>tell you to do what you know is not in the best interest of security. And
>when the problem rears its ugly head, YOU take the heat, not the idiot who
>insisted you go against proper procedure.
All I can advise, is document, document, document, then when it does come
down, and they point the fickle finger of fate at you, you can always
produce the documentation that 'da bozz' made ya do it...
>Hmm. Incredibly biased opinion follows...
>
>A basic security mindset is a combination of paranoia, a talent for
>contingency planning, and an understanding of business need.
>
>However, the paranoia must not be so extensive as to be crippling,
>the contingency planning must not be so obsessive as to be paralysing,
>and the understanding of business need should not interfere with the
>periodic difficult and unpopular decisions that must be made to
>protect the greater good.
