Interesting bit of a quote
Richard Stiennon
richard at stiennon.com
Tue Jul 11 13:45:28 EDT 2006
That's not a change. You should never have granted unlimited trust to
insiders. Just as most organizations do not have the same person handling
accounts payable and vendor selection, you should have checks and balances
in IT as well.
-Stiennon
At 07:49 AM 7/11/2006, leichter_jerrold at emc.com wrote:
>...from a round-table discussion on identity theft in the current
>Computerworld:
>
> IDGNS: What are the new threats that people aren't thinking
> about?
>
> CEO Dean Drako, Sana Security Inc.: There has been a market
> change over the last five-to-six years, primarily due to
> Sarbanes-Oxley. It used to be that you actually trusted your
> employees. What's changed -- and which is really kind of morally
> and socially depressing -- is that now, the way the auditors
> approach the problem, the way Sarbanes-Oxley approaches the
> problem, is you actually put in systems assuming that you can't
> trust anyone. Everything has to be double-signoff or a
> double-check in the process of how you organize all of the
> financials of the company....
>
> -- Jerry
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
Richard Stiennon
The blog: http://www.threatchaos.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list