Security Basics mailing list archives
RE: A reminder that security is not inherently solvable with technology
From: "Jeremiah Powell" <jdpowell () compgeo com>
Date: Fri, 24 Oct 2003 18:33:31 -0500
-----Original Message----- From: Mike Peppard [mailto:mpeppard () impole com] Sent: Friday, October 24, 2003 12:02 PM To: security-basics () securityfocus com Subject: RE: A reminder that security is not inherently solvable
withtechnology
Offshore business-process-outsourcing sales will leap 38% this year to $1.8 billion
http://www.informationweek.com/story/showArticle.jhtml?articleID=15306236
With this type of money riding on outsourcing there are substantial incentives to
<SNIP>
"put" the controls in, who puts the controls on us? Hippocratic oaths?
As an interesting note, part of my time with the University of Oklahoma's Student support team involved crafting my own, personal 'IT Hippocratic oath.' While some may find it cheesy (along the lines of 'vision statements' and 'executive team-building retreats') I belive that the values the IT team were trying to instill have an effect. If only to get you to think about this stuff (security, rights and responsibility, policy) in between configuring your dual-firewall frontier system with DMZ. Things like having people craft an oath are cheap and may have use. If they can only give the correct bias to thinking about users and coping with their problems, then these 'social solutions' (like the Medical Hippocratic Oath) can be very effective. I cann't overestimate the value of oaths and statements in security policies. When done to reflect the real world, they convey the critical missing element in so many security systems, namely 'why.' My oath is attached to this message. It has been years since I first wrote it, but it (only verion 1.1) still expresses my ideas about what IT should be. Hopefully it will continue to serve me, as should yours serve your if you write one. Now if I could only find that url about 'how to manage your manager' again, I could get some financial support behind this... Sincerely, Jeremiah D. Powell Systems Admin, Computational Geosciences Voice (405) 360-0472 / Fax (405) 307-0866 330 W Gray Suite 500; Norman, Ok 73069
Attachment:
personal oath.txt
Description:
--------------------------------------------------------------------------- Visual & Easy-to-use are not words that you think of when talking about network analyzers. Are you sick of the three window text decodes? Download ClearSight Network's Analyzer and see a new network analysis tool that makes the complex - easy http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021 ----------------------------------------------------------------------------
Current thread:
- hunt tool Jorge Garcia (Oct 21)
- Re: hunt tool Toyama no Benbei (Oct 22)
- A reminder that security is not inherently solvable with technology JGrimshaw (Oct 23)
- Re: A reminder that security is not inherently solvable with technology Kamal Habayeb (Oct 23)
- Re: A reminder that security is not inherently solvable with technology Paul O'Malley (Oct 24)
- RE: A reminder that security is not inherently solvable withtechnology Mike Peppard (Oct 24)
- RE: A reminder that security is not inherently solvable with technology Jeremiah Powell (Oct 27)
- Re: A reminder that security is not inherently solvable with technology Steve (Oct 27)
- Re: A reminder that security is not inherently solvable with technology John T. Hoffoss (Oct 28)
- A reminder that security is not inherently solvable with technology JGrimshaw (Oct 23)
- Re: hunt tool Toyama no Benbei (Oct 22)
- RE: A reminder that security is not inherently solvable with technology jm (Oct 23)
- RE: A reminder that security is not inherently solvable with technology Tsai Li Ming (Oct 24)
- <Possible follow-ups>
- RE: hunt tool Jorge Garcia (Oct 22)
- Re: hunt tool Eric Hagen (Oct 22)
- Re: hunt tool Jorge Garcia (Oct 24)