[UNCLASSIFIED]RE: [clug] Detecting malicious former employees

Sam Couter sam at couter.id.au
Tue Sep 12 10:08:00 GMT 2006

Tomasz Ciolek <tmc at vandradlabs.com.au> wrote:
> But simple questions are:
> 1. what are you protecting from?
> 2. what are you mitigating against?
> 3. is it cheaper/feasible to not secure it, and wear the fallout?
> Answer those and that dicates the lengths you go to...

Don't bother answering them yourself, just present the risks to your
manager and make them answer the questions (assuming you haven't been
turned to the Dim Side yourself, otherwise it's your job. Suck it!).

Security is purely a risk assessment exercise. As such, it's not a duty
for technical IT people. It falls squarely on the shoulders of
management. Competent technical people often have a healthy dose of
paranoia, which isn't always the best attitude business-wise. Competent
managers know risk management.
Sam Couter         |  mailto:sam at couter.id.au
                   |  jabber:sam at teknohaus.dyndns.org
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/linux/attachments/20060912/83757341/attachment.bin

More information about the linux mailing list