Ken makes an excellent point. In my opinion, this still falls into the category of "I don't need perfect security, just better security than my neighbors".
I get that a chain is only as strong as its weakest link, but the less information about your company's infrastructure that gets exposed, the better. Cheers,,,Steve Steven F. Conway, CISSP LA Systems z/OS Systems Support Phone: 703.295.1926 steve_con...@ao.uscourts.gov From: Ken Hume IBM <kph...@live.com> To: IBM-MAIN@bama.ua.edu Date: 07/28/2011 03:50 PM Subject: Re: disclosing "business" information on the internet Sent by: IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu> Frank, From your website.... "FirstBank has a full-time software developer position available for a .NET software developer. Responsibilities include analysis, design, coding, and testing of new multi-tier applications as well as enhancing existing applications in a team environment. Applicant must have at least two years of professional experience with C# or Delphi. Applicant needs strong Delphi or C# skills with some ADO.NET (preferably with Oracle's ODP.NET). Experience with IIS, XML, WCF, SQL, ASP.NET, AJAX, or web services is a plus." That, and the java position you have open tells folks a lot about what you have there. I'm sure you have advertised for positions that require z/OS and COBOL experience. I think they are over reacting a bit. Ken Hume IBM PD Tools Client Advocate (720)396-7776 kph...@us.ibm.com On 7/28/2011 12:20 PM, Frank Swarbrick wrote: > Here's something that I think may be of general interest. > > Our information security officer sent the following to my manager: "The content Frank is positing does not appear to be specific to our environment. However, I am concern by the fact he posts his position, where he works, and phone number. This creates some social engineering risk, as well as discloses information about the operating systems we use. Who can I talk with to ask Frank to remove information related to where he works on this conversation thread and future ones?" > > Are these concerns justified or just paranoia? > > I like posting this information because I've received useful contacts and information based on it. I'm curious what policies other businesses have. > > Frank > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
