Bill this isn't just a question of someone taking responsiblity and
acknowledging their risks, it is a matter of your prinicipals and your
belief in what you do.
I too was recently faced with this decision and followed the advice of some
to make sure that they understood the risk that they were taking. They
claimed they understood the risks, and felt that it was worth the potential
gain. My job was to secure their resources and that made it impossible to do
that. In the end I realized that I couldn't compromise what I believed was
right and resigned based on the fact that they were creating a risk that I
could no longer effectively manage.
I am not saying that you should quit and leave, and I don't advocate leaving
your job because someone doesn't agree with you. However, there is a point
at which you cannot cross the line, you cannot compromise your principles.
No matter what someone signs saying they accept the risk, your the one who
is still responsible for managing that risk on a daily basis.
Jason P. Wilcox
-----Original Message-----
From: Bill Husler
Cc: [EMAIL PROTECTED]
Sent: 4/14/00 9:57 AM
Subject: Off Topic: Upper Management decision making
Has anyone here had occasion to face the situation where Upper
Management decides
to move forward in a direction against to the recommendations of the
group
responsible for data security disregarding their concerns? If so, what
did you do
about it? Did you write it up and ask them to formally acknowledge their
acceptance of the exposure? What form would this document take? Any
examples?
Bill
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
