Report: Sarbanes-Oxley could threaten security

TalkBack 6 of 13:

Next »

« Previous

• Thread View
• Flat View

Thanks for your shallow insight ...

``Your second question: "nd WHY security was NOT there even BEFORE SOX went into effect? There was NO security infrastructure before? "
Is even more rudimentary.

The simple answer is, "Yes", of course there was''
I see. Let me see what is the supportng info.

``security. You are obviously not a security professional, '' You are quick in judging but very slow in thinking SINCE you have NO supporting information for this unintelligent claim. Moving on ...


``which is ok, so I am sorry to be the one to have to tell you this...security threats change every day. ''

Let's stop here for a moment: I am really impresesed. What a ... profound statement. How did you come up with that? Does your family have more people as smart as you?

``Technology changes, hacker/phisher/phreaker/etc's methodologies change every day, '' You are killing me here; Stop it you are full of ... profound AIR.


``new software holes are discovered on a daily basis. '' This is really the epitome of profound statements. New holes everyday? How do you come up with these stuff? Are related to Seinfeld?


``So, what happens when the security officer goes to the CIO and other C_Os for moeny to meeet these threats? They hear, "Sorry, nothing left in the budget for that, it is all spent on SOX compliance.''

Right, right.... I hope that you are joking. Right?

However, FYI and in case you really believe all the above low braw nonsense you paraded to us full of pomp and circumstance:

Security is a specific and well-defined REQUIREMENT for the proper OPERATIONS of a data center and not something that can OPT out of.

The IT professionals NEED to know the security requirements of the operations and implement infrastructure to PROVIDE IT.

e.g., if you need to transmit, store and process financial transactions and NO piece of data can be leaked out, then you need to utilize authentication, encrypted transmission and storage and NO part of the system can allow the aprehension of any information. In communications, even if there are evesdroppers, the encryption safeguards against it.

The current security WOES stem from the fact that a host is NOT secure enough and makes posible a process to obtain access to data belonging to another one. Or execute with higher privilleges that is supposed to.

Security is NOT something that you discover everyday. People are supposed to PLAN for this and make design and implementeation decisions that MEET the PLANNED levels. This is similar to a bridge engineer designing and implementing a bridge: he designs against a particular level of load on the bridge and he plans againts the worst possible stresses and forces. It is not something that HE learns AFTER he builts the bridge. (``You mean that trucks need to cross the bridge too? I planned for cars only'' : laughable engineer)

So the SOX presence should have nothing to do with the SECURITY requirements that where ALREADY there before SOX.

If you learn of new holes everyday, then you do NOT know much about security, neither do you have much of a common sense.

I would tell you to Critique yourself FIRST, but it is obvious that this is TOO hard for you. So don't over-exhert....


-m

Posted by: michael_t   Posted on: 07/12/05 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
• Server Consolidation and Containment With Virtual Infrastructure VMware To meet the constant demand to deploy, maintain and grow a broad array of ... Download Now
• Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now