RE: Ok, so now we have a firewall, we're safe, right?

["Brian Loe" <knobdy () stjoelive com>]

Have you noticed how TSA treats security post 9/11? No thanks, I don't want
the government telling us how we have to conduct business. These things get
ironed out, every day, the way they should: someone loses something due to
someone else's neglect or negligence, that person gets sued/goes to jail.

If your charged with security the best you can do is document everything you
do and why - including those things proposed to management that were shot
down - and move on. Your responsibility is to carry out the wishes of your
company and if they don't correspond with your morals or ethics you're free
to quit, and you should.

This, like so many other things, is about personal responsibility, not
government control.

As for financial companies that only reduce risk enough to make it
"tolerable", they'll get along with it until either their board, their
shareholders or their customers hold their feet to the fire. And, as you
say, most people don't care so that's not likely to happen soon - so what?
Why do you care? Protect yourself and be happy, right?


> Our hands have to be placed on hot (regulatory) coals to 
> implement security. Even then we procrastinate and lobby to 
> reduce the requirements *and* accountability - and ask 
> vendors to automate and hide complexity. Automation and 
> security aren't good bedfellows. 
>
> Where security is involved, otherwise rationale adults 
> devolve into whining, rebellious, scheming, negotiating 
> adolescents. The critical parent (regulatory) social style 
> isn't working. The nurturing parent style isn't working. If 
> you've know a way to create adult-adult conversations on the 
> topic of network security, I'm eager to hear them.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards