On Wed, 2002-10-23 at 20:54, Scott wrote:
> The AVP of IS (my boss) then proceeded to cut me off 
> at the knees by telling me I could not spend any money, hire any 
> expertise, had responsibility - but no authority (this was implied), 
> etc.  

Welcome to the world of Information Security.  Bend over please.

> Based on some recent happenings - someone figured out how to install an 
> unauthorized proxy server that bypassed all security checks - they wouldnt 
> have a thing to worry about, as it most likely would never be noticed.

And you just so happened to have all the proper security policies
(including a network security and sanction policy) in place to properly
remove this person from their status of "employed", right?  :-)

Sometimes in your situation it's best to do what you can with what you
have, draw up proposals and persuasive arguments for what you need and
hope the stars are aligned when you ask for it.

A security manager with no power is as useful as a razor to a bald man.

Let's all hope your $boss gets clued in.

Best of luck,

Gary