[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Technology and your Security Program

To: "Kelly Robinson" <caliana1989@xxxxxxxxx>
Subject: Re: [Full-disclosure] Technology and your Security Program
From: "Paul Melson" <pmelson@xxxxxxxxx>
Date: Fri, 12 Oct 2007 07:05:14 -0400

On 10/12/07, Kelly Robinson <caliana1989@xxxxxxxxx> wrote:
> Why should technology be the final tier to be fully implemented in a
> security program?
>
> I am thinking in terms of the Digital Liability Management model:
> http://daemonic.wordpress.com/2006/04/26/it-security/

Is this a trick question?

If you buy product first, you will find yourself changing policy and
accepting otherwise unnecessary risk or expense (or both) in order to
retrofit your policy to your technology.  In other words, you're
letting the tail wag the dog.

PaulM

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Technology and your Security Program
  - From: Kelly Robinson

Prev by Date: Re: [Full-disclosure] Tikiwiki 1.9.8 exploit ITW
Next by Date: [Full-disclosure] SEC Consult SA-20071012-0 :: Madwifi xrates element remote DOS
Previous by thread: [Full-disclosure] Technology and your Security Program
Next by thread: [Full-disclosure] SEC Consult SA-20071012-0 :: Madwifi xrates element remote DOS
Index(es):
- Date
- Thread