"more secure" 3rd-party file sharing?
Tom Buskey
tom at buskey.name
Thu Aug 24 08:17:01 EDT 2006
On 8/23/06, Ben Scott <dragonhawk at gmail.com> wrote:
>
> On 8/23/06, Bill McGonigle <bill at bfccomputing.com> wrote:
> >> I know that fixing wetware makes the Microsoft patch process look
> >> easy, but ultimately, it is what is needed. No matter what you do,
> >> you can't have a secure system with insecure people. This is
> >> inescapable fact.
> >
> > you also can't have fool-proof people. I wonder how the TLA's handle
> > this.
>
> Are you referring to classified information security?
>
> If you really want to know, much of it is documented in the NISPOM
> (National Industrial Security Program Operations Manual, available
> from http://www.dss.mil/isec/nispom.htm). Along with the venerable
> NSA rainbow books (http://en.wikipedia.org/wiki/Rainbow_Series). Most
> of it is really rather dull.
...
> The procedural side of things might be more useful to you. Again,
> not in the details, but in the concepts. Regular briefings and
> training. Lots of logs and audit trails and accountability. To get a
> Security Clearance, you have to sign an NDA, take an oath, submit to a
> background investigation. Security Is A Big Deal. It is treated as
> an essential element, rather then a hassle. Not the rubber stamp that
> corporate security usually is, but "You will go to Federal Pound Me In
> the Ass Prison if you screw off".
There's a clause about punishable by death too. They look into your medical
records, interview your associates and relatives and especially look into
your financials.
It's a pain to admin classified environments (no yum update! No google.)
Once a disk goes in, it doesn't come out so repairs can be problematic.
If you get that kind of commitment, the human factors become
> manageable. If you lack it, you'll probably never win. Most
> organizations lack the commitment. They reap what they sow.
A security expert once said: If you don't trust your people, fire them.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20060824/1e23e9d8/attachment.html
More information about the gnhlug-discuss
mailing list