Re: [PEN-TEST] Testing a "rogue site"

[Peter Van Epp <vanepp () SFU CA>]

>  Hi folks!
>
>  I've got an interesting scenario/case study  here.
>
> Very recently, there was a slight organizational change in our company and two
> out of town sites became added to our "circle of responsibility". Although they
> were added, company politics prevents us from dictating any IT policy to these
> new sites.

        Then common sense dictates that you don't have any responsibility for
their security either since that would make this a classic "responsibility
without authority" situation and the solutions are basically obtain the
authority to go with the responsibility or decline the responsibility (which
may turn in to option 3) or that always valid third choice find a job with
someone with a clue that doesn't try the "responsibility without authority"
stunt. Security people are very marketable if the offers I get are any
indication. Previous experience indicates bozos aren't worth working for
conversely think hard before leaping from a non bozo environment, money
certainly isn't everything, and is often an indication of a high bozo
factor ...
        A security policy would also be a good first step should you decide to
stay (and probably a good bellweather of whether you should stay ...).