Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Testing a "rogue site"
From: Peter Van Epp <vanepp () SFU CA>
Date: Fri, 8 Sep 2000 19:19:07 -0700

 Hi folks!

 I've got an interesting scenario/case study  here.

Very recently, there was a slight organizational change in our company and two
out of town sites became added to our "circle of responsibility". Although they
were added, company politics prevents us from dictating any IT policy to these
new sites.

        Then common sense dictates that you don't have any responsibility for
their security either since that would make this a classic "responsibility
without authority" situation and the solutions are basically obtain the
authority to go with the responsibility or decline the responsibility (which
may turn in to option 3) or that always valid third choice find a job with
someone with a clue that doesn't try the "responsibility without authority"
stunt. Security people are very marketable if the offers I get are any
indication. Previous experience indicates bozos aren't worth working for
conversely think hard before leaping from a non bozo environment, money
certainly isn't everything, and is often an indication of a high bozo
factor ...
        A security policy would also be a good first step should you decide to
stay (and probably a good bellweather of whether you should stay ...).

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]