Here is a link to a page about a more extreme symptom of what does affect
us - Denial of service.
I felt motivated to do some more research after a comment from Gordon.
http://grc.com/dos/grcdos.htm
I had a similar situation with a client with the SirCam virus.... similar in
that once you know what the problem is - working with others to resolve it -
or getting help from an ISP can be 'very' difficult. In developing a full
security policy and audit as well as action plans - one should place more or
equal value on the other qualitative issues at hand. The technology is
often the easiest to fix and manage (in my experience).
Annoyed stake holders that do not want or need to know the details - yet
still want to know why and how (without geek speak). Different tiers of
supplies and service providers to whom your agenda is often not their main
concern.
Employee disruption, public disclosure, stock price, good will and
accountability. Oh, and the general level of 'chaos' within an organization
is often testament to how well ones professional act is together.
Not to mention process refinement and a documented reference to how the
initial audit process started and was managed - if you want to prove that
you =did= do all you can do and that you still deserve a job or a client as
the case may be.
Are all issues that deserve attention - before hand.
Maybe we should stop counting a benign statistic and start concentrating on
what =can= affect us - destructively that is. After all we're not an NT or
IIS "Development Info" mailing list are we. :)
Cheers,
Richard Ford.
[EMAIL PROTECTED] www.cubok.com
The views expressed here are solely my own and do not necessarily represent
those of my employer.
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
