|
|
|
|
|
|
by Z1nfandel
3209 days ago
|
|
|
The most frustrating place to be in these scenarios is the IT (especially security) department. Go ask any security guy if they think their environment is secure. Very few of us will say yes. It frequently boils down to we ask for things, and there are budget/manpower/time limitations in getting them implemented. So a breach occurs, execs say to IT staff "Why was this possible." IT staff says "We requested back in <month> to fix this, and its working through the slow process" Execs say "Why didn't you scream louder, identifying it as a critical issue" IT: "There are 1000's of other issues, just like this one. The attackers just managed to exploit this one, instead of one of the others. We can't identify all issues as critical, because then nothing is critical." Both parties stay frustrated thinking the other isn't doing their job right. |
|
|