On Dec 28, 2005, at 4:14 PM, Hal Merritt wrote:
Here is compelling evidence why auditors should *never* be
permitted to
make security 'requirements'. Never. Only see that due diligence is
done.
What we have is a serious case of auditors going wild using only
garbled
media reports as justification.
Wholesale encryption just does not make sense. Thoughtful risk
assessments and cost effective countermeasures are the only reasonable
ways to deal with the threats.
Tell that to your auditor and see how far you get:)
Ed
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
