On 23 Oct 2002, Gary Nichols wrote:
> On Wed, 2002-10-23 at 20:54, Scott wrote:
> > The AVP of IS (my boss) then proceeded to cut me off
> > at the knees by telling me I could not spend any money, hire any
> > expertise, had responsibility - but no authority (this was implied),
> > etc.
>
> Welcome to the world of Information Security. Bend over please.
>
> > Based on some recent happenings - someone figured out how to install an
> > unauthorized proxy server that bypassed all security checks - they wouldnt
> > have a thing to worry about, as it most likely would never be noticed.
>
> And you just so happened to have all the proper security policies
> (including a network security and sanction policy) in place to properly
> remove this person from their status of "employed", right? :-)
>
> Sometimes in your situation it's best to do what you can with what you
> have, draw up proposals and persuasive arguments for what you need and
> hope the stars are aligned when you ask for it.
>
> A security manager with no power is as useful as a razor to a bald man.
>
> Let's all hope your $boss gets clued in.
>
> Best of luck,
>
> Gary
>
>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
Policies & Procedures?!? Not likely to happen at my place of employment
for lots of reasons - one being that upper mgt will not stand behing/back
them up. The few that we do have are hidden - I inquired why, received no
intelligent answer - and only available to managers and above.
Oh well. Like I said, I WAS the IS Security Mgr. After 10 months of
banging my head on the wall, I just gave up and went back to System Admin
(at least that group was happy (really!) to have my back).
scott
(text/plain)