I agree, without the data you have nothing, protecting the data is what its about. Why have controls in systems if you aren't trying to protect the crown jewels which is the data in which your organization/business used to get its job/mission accomplished.
Z Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081 This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. -----Original Message----- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, April 17, 2013 2:43 PM To: NT System Admin Issues Subject: Re: On the subject of security... On Wed, Apr 17, 2013 at 11:36 AM, Ben Scott <mailvor...@gmail.com> wrote: > On Wed, Apr 17, 2013 at 2:29 PM, Kurt Buff <kurt.b...@gmail.com> wrote: >> On Wed, Apr 17, 2013 at 1:59 AM, James Rankin <kz2...@googlemail.com> wrote: >>> ...today's XKCD sums it up nicely >>> >>> http://xkcd.com/1200/ >> >> So, yeah, that's true if you don't use full disk encryption, or a >> password on your computer/domain account ... > > You're missing the point. > > A lot of devs and admins fall into the trap of protecting the system > and forgetting that there's a reason why we have the system in the > first place. I ultimately don't care about my "root" account. > Protecting it is just a means to an end -- protecting my data, most of > which lives in my user account. No, I'm not missing the point. Protecting the end-user account and its data is what those techniques are for - and they also need to be applied to the root/administrator account. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin