Interesting bit of a quote

Leichter, Jerry leichter_jerrold at emc.com
Tue Jul 11 13:02:27 EDT 2006


| That's not a change. You should never have granted unlimited trust to
| insiders. Just as most organizations do not have the same person handling
| accounts payable and vendor selection, you should have checks and balances in
| IT as well.
There have always been parts of the business where you needed to enforce
things quite tightly - mainly those that handled cash or cash equivalents.
Other things were enforced more loosely.  The change is that so much is
now moving into the "tight enforcement" category - and not just because
of SOX.  For example, there's a large and growing business in reviewing
employee-submitted expenses.  These have always been subject to *some*
level of review, but now they are increasingly scanned by computer for
the smallest violations of policy.
 
Business ultimately depends on trust.  There's some study out there -
I don't recall a reference - that basically finds that the level of
trust is directly related to the level of economic success of an
economy.  There are costs associated with verification, some of them
easily quantifiable, some of them much harder to pin down.  The
difficulty is in making the tradeoffs.  We're now pushing way over
on the verification side, in a natural reaction to a series of major
frauds and scandals.
							-- Jerry

| -Stiennon
| 
| 
| At 07:49 AM 7/11/2006, leichter_jerrold at emc.com wrote:
| > ...from a round-table discussion on identity theft in the current
| > Computerworld:
| > 
| >         IDGNS: What are the new threats that people aren't thinking
| >         about?
| > 
| >         CEO Dean Drako, Sana Security Inc.: There has been a market
| >         change over the last five-to-six years, primarily due to
| >         Sarbanes-Oxley. It used to be that you actually trusted your
| >         employees. What's changed -- and which is really kind of morally
| >         and socially depressing -- is that now, the way the auditors
| >         approach the problem, the way Sarbanes-Oxley approaches the
| >         problem, is you actually put in systems assuming that you can't
| >         trust anyone.  Everything has to be double-signoff or a
| >         double-check in the process of how you organize all of the
| >         financials of the company....
| > 
| >                                                         -- Jerry
| > 
| > ---------------------------------------------------------------------
| > The Cryptography Mailing List
| > Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
| 
| Richard Stiennon
| The blog: http://www.threatchaos.com 
| 
