Productive, but at what cost to the business? It only takes one security incident, to cost you more than the productivity of a years worth of work. Heck some of the penalities are in the 250K+ range at the most severe for HIPPA and I am sure its higher in the other regulations ( PCI, GLB, SarbOx)
Its not about a power trip either, its about following process, using good risk management techniques and being able to prove that people are accessing only what you gave them access to and no more. ( due diligence, Least Privilege rules) Actually security could show up in making sure the profits you are earning by doing your work as shown. Just imagine the laptop that the C-Level is using that wasn't Lo-Jacked and you didn't think about adding full hard drive encryption, but those juicy insider details are being pushed to your competition, because he/she/it had its laptop stolen and didn't encrypt the information that was confident/sensitive in nature. Now it's the hands of the people that shouldn't have had it in the first place. That is just one of a lot of ways you can show how working securely and following security protocol helps you stay profitable and avoid these types of situations that when you look at the bottom line cost the organization/business more money per-incident than they might make in a month or even year. Food for thought, Z Edward E. Ziots Network Engineer Lifespan Organization Email: ezi...@lifespan.org Phone: 401-639-3505 MCSE, MCP+I, ME, CCA, Security +, Network + -----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, December 30, 2008 10:27 AM To: NT System Admin Issues Subject: Re: LogMeIn On Tue, Dec 30, 2008 at 10:16 AM, David James <bigdadd...@gmail.com> wrote: > It's about helping your users use technology to be more productive, not > having a power trip. The problem is that security *never* shows up as a profit. (Unless you're a security firm, heh.) So if we follow that logic, all security should be banished. Of course, security failures show up -- as losses, when it's too late. The thing that really gets me about this is that people simply *assume* LogMeIn, GoToMyPC, etc., are trustworthy. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
