Re: [PEN-TEST] Testing a "rogue site"
From: Peter Van Epp <vanepp () SFU CA>
Date: Fri, 8 Sep 2000 19:19:07 -0700

> I've got an interesting scenario/case study here.
> Very recently, there was a slight organizational change in our company and two
> out of town sites became added to our "circle of responsibility". Although they
> were added, company politics prevents us from dictating any IT policy to these

Then common sense dictates that you don't have any responsibility for
their security either, since that would make this a classic "responsibility
without authority" situation, and the solutions are basically: obtain the
authority to go with the responsibility, or decline the responsibility (which
may turn into option 3), or that always valid third choice: find a job with
someone with a clue that doesn't try the "responsibility without authority"
stunt. Security people are very marketable if the offers I get are any
indication. Previous experience indicates bozos aren't worth working for;
conversely, think hard before leaping from a non-bozo environment. Money
certainly isn't everything, and is often an indication of a high bozo

A security policy would also be a good first step should you decide to
stay (and probably a good bellwether of whether you should stay ...).