[thelist] how secure is reasonable

Joel D Canfield joel at streamliine.com
Sun Oct 7 16:57:40 CDT 2007


> Again, a strong and sensible security policy is a must, and get the
> clients to agree that they will follow the policy.  But, you have to
> assume that's a weak link.

I think you have to assume it's a non-link. Clients print things and
leave them lying around or they let their kids play games on their
machine, and no policy on earth will make them change unless they're
already security-conscious. Better to focus on what's enforceable than
try to teach these folks respect for client confidentiality, if they
don't already have it.

At Bob's level of involvement in this, it's unreasonable for him to take
responsibility for anything more than offering the choices of various
levels of security, and implementing whatever the client feels is
'reasonable'.

It's easy to be lulled into a false sense of security by policies and
promises. Lock down the parts that are mechanical or digital, but don't
ever think you'll convince someone to become security-minded if they're
not already.

joel


