Re: Re: Importance of being a QSA

From: mr.nasty@ix.netcom.com
Date: Tue Nov 28 2006 - 16:51:56 EST


I can't help myself here but this type of idiocy kills me.

The reason for regulatory bodies is because there are those in the business who can't seem to follow a set of guidelines to provide at least a basic level of trust to keep their customers' identities private. Now I don't want to get off on a rant here, but the opportunity is there.

The latest headline on SF is "A Hard Lesson in Privacy". Now I realize this is about a young blond TV talking head and her sexual antics, but the point is that even the most hardened CEOs (no pun) have slipped a time or two on life's banana peel and tried to make it look like they meant to do that.

These people (even SANS) sound like the same group of tax protesters I had to face in the '80s. They didn't feel the IRS regulations had bearing on them; they didn't vote for the tax, so they should be exempt. Or they would look at these auditors as if they had some low-life job like inspecting elevators. (Not that inspecting elevators is a bad thing - which sounds like BS, go back in the refrigerated computer room in your Wal-Mart dress-for-success Dickies.)

Now, my IT Security buddies out there who think you don't need regulations, believe me, from my point of view not only do you need them, over 80% of this population needs some way to have your work reviewed.

Who better than regulatory bodies to provide some type of framework? These bodies keep IT and IT Security accountable. That should probably have been a four-letter word considering the groans and moans it causes. Who do you people think you are that you don't have to be accountable? You're only IT people.

This is a growing area; as long as there are new and improved business practices and technologies, there will be an amendment or regulatory body to keep that part of business safe for the consumer.

As an individual who has to examine corporate computer systems forensically, it pains me each time I have to talk with a big-headed dimwit system admin who can tout his high scores on Everquest but can't seem to understand the concept of a freaking log configuration, and the nimrod makes 85 grand a year, doing what?

Yes, people, I'm sorry, but the fact of the matter is that there are and will be regulatory bodies as long as there is business. The IRS is a regulatory body in some ways, as well as the SEC and all the rest. It's all part of 'doing business'.

So you might want to consider that opening with Otis. I apologize about this outburst, but the more I hear the whining here about regulations this and regulations that and comparing my colleagues to elevator inspectors, it winds me up real tight.

I used to be an IT auditor. That's how I became the IT security officer for two agencies. I do what you guys can't because I learned the right way to do it from those checklists.
