encrypted tapes (was Re: Papers about "Algorithm hiding" ?)

astiglic at okiok.com astiglic at okiok.com
Wed Jun 8 11:15:40 EDT 2005


"Perry wrote:"
> In case you think the answer is regulation, by the way, let me note
> that most of the regulatory pressure I've seen on security policy
> results in people finding extremely well documented ways to do exactly
> what the regulators ask, to no actual effect. This is generally
> because the regulators are almost uniformly as dumb or dumber than the
> people they regulate.

One thing that irritates me is that most security audits (that verify
compliance with regulations) are done by accountants.  No disrespect for
accountants here, they are smart people, but most of them lack the
security knowledge needed to really help with the security posture of a
company, and often they don't work with a security expert.  I saw a lot of
requirements by security auditors that looked pretty silly.
I believe a mix of accountants with security experts should be used for
security audits.

--Anton


---------------------------------------------------------------------
The Cryptography Mailing List