Just thought ya'll might be interested in the outcome. I'm not going to rehash the
original discussion here - anyone that missed the discussion can go back to the list
archives. We prepared our acceptance of risk document and presented it to the upper
management in question. We were told "I won't sign it, but we will be moving forward
none the less". We escallated our concerns within the vendors organization and were
put in touch with
some tech support individuals that were willing to acknowledge our concern and to
respond with the only recommend method of implementing the solution proposed in a safe
and secure way. We did have our management in on this call, so it was clear that we
were not just making it all up. We ran the numbers and found that it actually would
cost more doing it the cheap way with the changes that the vendor required, than it
would to do it "the
right way". When presented with this analysis, the same management that told us to "go
jump" was now willing to say "do it the right way".
Bill
ps. In case anyone would like to read more into this than is intended, not of the
management words used above were actually use. The point I wanted to make was that
when we made it clear that we really were trying to work with their solution and make
it work, it wasn't going to save them money after all AND THE VENDOR BACKED US UP!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
