Firewall Wizards mailing list archives

RE: Re: Flawed Surveys [was: VPN endpoints]


From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 3 Sep 2004 15:03:48 -0400 (EDT)

On Fri, 3 Sep 2004, Stailey, Mike wrote:

> Paul, How many times in our career have we busted hump with charts,
> facts and figures on something we were passionate about and when we got
> an audience with the top brass we noticed their eyes glazing over? Could

With facts, it's often easy to get budget, not quite as easy as a major
event (after the fact, money becomes little or no object.)

> SOX while on the surface seems like yet another B-S big brother not
> going to work legislation -or- could it be disguised as the start of a
> "revolution"?

I was asked once by a congressional staffer[1] what Congress could do to
improve computer security.  I think it's a pretty easy answer- mandate
disclosure of several classes of events in a company's 10Q.  Likely
though, we'd need to close a "not a public company" loophole, and the "not
a US company" loophole, but I really think that'd have more effect than
anything else we could do.  Sarbanes-Oxley isn't a bad thing in my mind,
but it really is about money, and we as an industry could do much better
figuring out what should be reported, and how (both event and
protection-wise.)

Paul
[1] Apologies to the non-US readers for not having anything more global,
but if we get better, it'll help you too.
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

