>>>>> "Richard" == Richard Ginski <[EMAIL PROTECTED]> writes: Richard> I am seeking input from my peers on the list as to how they Richard> feel about inside security professionals versus outside Richard> security professionals or some combination thereof. I agree that there should be both internal and external folks involved. Your internal folks are going to be experts at how your business works. That's going to be very important to understand so that when talking about "best practices" and whatnot, you'll know what's reasonable to do and what isn't. The outside folks are theoretically supposed to be security experts. Bringing together the experts in security and the experts in your business is necessary in order to be able to articulate a reasonable security policy that properly addresses both security and operational concerns and correctly identifies the organization's acceptable level of risk. People need to work together and be willing to let others point out flaws in what they've offered. This is no time to be territorial; someone who is territorial is more interested in preserving himself than the organization in whose behalf he's supposed to be working. -- Matt Curtin [EMAIL PROTECTED] http://www.interhack.net/people/cmcurtin/ - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
