[30456] in cryptography@c2.net mail archive
Re: Interesting bit of a quote
daemon@ATHENA.MIT.EDU (Richard Stiennon)
Tue Jul 11 13:21:49 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 11 Jul 2006 11:45:28 -0600
To: leichter_jerrold@emc.com, cryptography@metzdowd.com
From: Richard Stiennon <richard@stiennon.com>
In-Reply-To: <Pine.SOL.4.61.0607110945240.15505@mental>
That's not a change. You should never have granted unlimited trust to
insiders. Just as most organizations do not have the same person handling
accounts payable and vendor selection, you should have checks and balances
in IT as well.
-Stiennon
At 07:49 AM 7/11/2006, leichter_jerrold@emc.com wrote:
>...from a round-table discussion on identity theft in the current
>Computerworld:
>
> IDGNS: What are the new threats that people aren't thinking
> about?
>
> CEO Dean Drako, Sana Security Inc.: There has been a market
> change over the last five-to-six years, primarily due to
> Sarbanes-Oxley. It used to be that you actually trusted your
> employees. What's changed -- and which is really kind of morally
> and socially depressing -- is that now, the way the auditors
> approach the problem, the way Sarbanes-Oxley approaches the
> problem, is you actually put in systems assuming that you can't
> trust anyone. Everything has to be double-signoff or a
> double-check in the process of how you organize all of the
> financials of the company....
>
> -- Jerry
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
Richard Stiennon
The blog: http://www.threatchaos.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
