Most management folks, just don't see it that way, unless they read a press
release in one of the papers like Wall Street or the NY Times. But that is
also why there are 3rd party companies out there available to do conduct
security attestation.. :)
/mark
At 02:47 PM 12/7/00 -0500, Watson, Peter wrote:
>I just had to step in here after reading this thread for awhile.
>
>It is all very nice to to say that the security admin should have done this
>or that. Risk matrix, fixes, etc. The bottom line is the CIO or CEO is
>ultimately responsible for the corporation including security risks or
>exposures. For the most part they just don't give a ____.
>They will all say how they believe in security and it's value in the
>corporation but all they care about is their year end bonus and a round of
>golf on the weekend. A security incident or an overturned rail car or a
>hurricane is just another business incident. It happens. They are ultimately
>responsible and can be fired just like anyone else. The funny thing is that
>management is easily more expendable than line workers these days. Stay in
>the tech area and don't sweat the big issues because largely they are out of
>control.
>
>Retired security architect and a happy peeon. (Actually I just got sick of
>the total bull at high levels.)
>
>Network Guy
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
