> > <cynical grin> Would that that would really help. I guess maybe in the > long run it might, but I'm not holding my breath. There's still the > small matter of connecting cause with effect and then implementing a > program that will function appropriately at all levels of the
Just did a presentation to a bunch of AeA CFO's (AeA is American Electronics Association) where the fist slide I gave them a piece of paper that has to go with their 10K reports and said: Ok, as the CFO of a public company, would you sign this: (a bunch of legal gook I got from our SEC lawyer). Went through a high(board level) presentation with lots of pretty color pictures, talked about jail time and fines and informed them that the CFO is the one who will sign it.. then when done, said 'ok, NOW who will sign this. You KNOW for a FACT that your IT department has taken care of this, right? you don't need an outside/third party audit to make sure the IT or internal security guys did their job, right? NO ONE. wanted to sign it then. -- Michael Scheidell SECNAP Network Security, LLC Main: 561-368-9561 / www.secnap.net Looking for a career in Internet security? http://www.secnap.net/employment/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
