| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Aug 10 14:04:28 2005 From: cfullerton at fullertoninfosec.com (Chuck Fullerton) Subject: perfect security architecture (network) That is the exact attitude of "Perfect Security". If you have a small 10 person shop your not going to purchase a big identity management solution. Your going to spend a couple of hundred dollars to train you and your people how to create and use strong passwords effectively. EVERYONE in the industry must remember that ROI and TCO are king and queen. If you can't justify the expenditure for the protection, then it's not working. The only exception to this rule is that everyone must take those basic minimum steps to protect the systems under their control. Such as, firewalls, anti-virus, and updates. I do a lot of work with the "Forgotten Market" of Small and Medium Business. At this level ROI and TCO are critical to the success of the plan. Smaller companies don't have the capital to waste and recover from other areas like the large enterprises do. Chuck Fullerton -----Original Message----- From: C0BR4 [mailto:cobradead@...il.com] Sent: Wednesday, August 10, 2005 3:01 AM To: charles.heselton@...il.com Cc: Chuck Fullerton; full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] perfect security architecture (network) Hi All, the point that i wanna make is "just make it simple".if i can work with what i got. why i have to invest???? . if no tool provides 100% security.why not invest little money in Awareness program. policy design and specially restrict user for unnecessary applications. thank you all for your valuable comments C0br4
Powered by blists - more mailing lists