Chris Craddock writes:
True enough and this is part of the "dirty little secret" we live with.
Security is only as good as the weakest link. Most systems run a mix of
IBM, ISV and home-grown software and it is almost laughably easy (for a
guy like me anyway) to find holes in that environment.
This is the case for many of us, and I am not sure that it is nearly so
problematic as it is usually represented to be.
Most large cities contain locksmiths who, given physical access, can open
bank vaults almost at will; but they do not use their skills to burglarize
banks; they open vaults only in response to legitimate, elaborately
authenticated requests. It is indeed arguable that if bank vaults are to be
prevalent locksmiths who can open them in extremis are essential.
Insecure shops are highly problematic, but I know of shops of this kind in
which security measures of various plausible-to-laymen kinds (and others
represented, disingenuously, as useful by those who know better) have been
effective only in hamstringing operations and performance.
I have just looked at a set of 23 security recommendations for a z/OS shop,
prepared by an eminently respectable public accounting firm, of which three
were reasonable, although not very important, and 20 were preposterous; and
the sour tone of this post is perhaps attributable to that experience.
John Gilmore
Ashland, MA 01721-1817
USA
_________________________________________________________________
Get in the mood for Valentine's Day. View photos, recipes and more on your
Live.com page.
http://www.live.com/?addTemplate=ValentinesDay&ocid=T001MSN30A0701
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
