[Full-disclosure] Technology and your Security Program
Paul Melson
pmelson at gmail.com
Fri Oct 12 12:05:14 BST 2007
On 10/12/07, Kelly Robinson <caliana1989 at gmail.com> wrote:
> Why should technology be the final tier to be fully implemented in a
> security program?
>
> I am thinking in terms of the Digital Liability Management model:
> http://daemonic.wordpress.com/2006/04/26/it-security/
Is this a trick question?
If you buy product first, you will find yourself changing policy and
accepting otherwise unnecessary risk or expense (or both) in order to
retrofit your policy to your technology. In other words, you're
letting the tail wag the dog.
PaulM
Full-Disclosure is hosted and sponsored by Secunia.