On 12/3/2014 10:42 AM, Jan Schaumann wrote:
Hello,

I'm currently exploring the intersection of #sysadmin / #infosec[1] a
bit.  There is obvious overlap, yet at many companies the two camps also
frequently end up at loggerheads.  I'd like to collect some feedback:

What #infosec or (PCI) compliance mandates and rules drive you nuts?
What (seemingly or actually) pointless, braindead things are demanded of
you?[2]

On the flip side, what are some of the security related concepts or
fundamentals that you think junior sysadmins are frequently lacking or
having trouble understanding?[3]

Feel free to email me off-list, if you prefer.  Alternatively, you can
also reply to the tweets referenced.



Here's one (that, thankfully, I currently don't have to deal with).

Password policies that enforce very explicit lists of things like 1 this, 1 that, 1 the other, and maybe another one of something else that also must be changed every 30 days. The results tend to be totally counterproductive, and have been documented many times in relevant literature, but somehow many organizations still end up making the same mistakes.

_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/