by ThrowItAway2Day
2016 days ago
I agree that it's unfortunate that security and bureaucracy go hand-in-hand. As security becomes more a priority, the annoying overhead grows with it.
However, I think this is just the nature of security. It's a cumbersome task. Think of any organization that security is very important to, especially where it is life and death. Military, government, criminal gangs, VIPs/executives. All have large bureaucracies to maintain and enforce security. I think the adversaries any of these groups face are so persistent and capable that the only answer is bureaucracy. Training the person can only go so far. Individuals alone are too susceptible to minor slips in operational security.
If a small company that isn't targeted by advanced persistent threats has such a bureaucracy, it's overkill.

One recent example I saw was prioritizing the re-evaluation of a system that is low impact and limited access over the remediation of issues on a widely accessible system, only because the low impact evaluation was going to be out of tolerance sooner and therefore look bad on report cards.