Re: Question re security

From: Hans Forbrich <fuzzy.graybeard_at_gmail.com>
Date: Thu, 16 Jan 2014 10:33:31 -0700
Message-ID: <52D817EB.3000705_at_gmail.com>
On 16/01/2014 10:11 AM, mohammed bhatti wrote:
> I believe the old faces for the most part, took these guidelines from
> the DISA STIG and the new faces just followed what the old faces did.
Seen that. At least the Old Faces were sometimes approachable and you could explain & then negotiate away the worst of it. These days, it's 'by the book'. It's what happens when you send in the second string.

>
> Oh yeah, don't get me started on the auditing requirements. Basically
> audit EVERYTHING (select/update/insert/delete, ddl, etc).
There is a time and place for EVERYTHING. A project I recently left had that as a legit requirement and, while I agreed with the requirement, I did not agree with the implementation. (One of the reasons I left.)

On the other hand, 95% of the audit requirements I see are 'just because', and I'm convinced the person making the recommendation does so because they own shares in Seagate.

A lot depends on what 'they' plan on doing with the data they collect. Seems most of the time they have no idea - other than perhaps giving the next group of auditors something huge to chew on and charge more big bucks for, as in "it's a self-perpetuating cash cow".

/Hans

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Jan 16 2014 - 18:33:31 CET