mailing list archives
Re: [PEN-TEST] Testing a "rogue site"
From: "Alexander Sarras (SEA)" <Alexander.Sarras () SEA ERICSSON SE>
Date: Wed, 13 Sep 2000 08:41:01 +0200
-----BEGIN PGP SIGNED MESSAGE-----
From: Missy, E [mailto:freehold () EROLS COM]
Sent: Monday, 11 September, 2000 11:36 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Testing a "rogue site"
"Karyn Pichnarczyk" wrote:
But unless you go by
the One and Only rule, you will not last long in the security trade:
1. Business Must Continue.
If this rule is not followed, then it doesn't matter how good or bad
the security posture is: the company just won't exist!
Therefore, the Business Demands of the company must be met,
AT ALL COSTS
including, regretfully and occasionally, the cost of bad security.
More and more, without security, companies can be
(temporarily) 'made to
not exist' - i.e. brought down, sometimes for an extended
period of time
if a sufficient hit is made. Business will *not* continue
and communications. What's more inconvenient, a few 'extra' steps
between users and tasks (i.e. logging procedures, periodic
etc.) or the inability to perform those tasks at all? After all, we
all got used to waiting in airports to get through the metal
That's my understanding, too, but I almost thought I was all alone there.
On that example here, something that can be termed 'rogue' _stays_ outside
the firewall in my book. And won't enter the dmz unless _I_ am satiesfied
with security. Companies using sensitive data of any form tend to stay
longer in the bizz if they've implented a reasonable amount of security.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1 Int.
Comment: Even paranoiacs have enemies!
-----END PGP SIGNATURE-----