Elliotte Harold wrote:
Disgruntled employees. Rogue wifi access points. Crackers posing as janitors. Visiting salespeople. Interns with too much time on their hands. etc.
My company consists of me, my mother and my brother. We don't have a janitor, interns or visiting sales people. We don't have wifi. I know I can't trust my brother, but I'm not too bothered if he sniffs out my password and posts obscene messages on the wiki using my name. None of this justifies a MUST of anything.
You might as well add a MUST to the spec requiring that all accounts on an APP server have passwords greater than 9 characters, a mixture of letters and numbers, no dictionary words, and they MUST be changed every second week. Point out the risks all you want, but don't tell me what I MUST do in my own home.
Regards James
