by NickNameNick 4185 days ago
I think M. J. Ranum [1] probably has an exceptional understanding of risk.

In fact all of his points - the 6 dumb ideas - are places where he's pointing out that people are widely misinterpreting the risks, and putting their time and effort in the wrong place as a result. Most of the closing paragraphs for each point are suggestions on how to better prioritise your time and effort so you can get on with whatever makes you money.

And wrt your second paragraph, if we consider most companies, there is a 'default permit' on the network between the workstations in the finance department and the R&D department, unless they're in physically separate locations, and often even then. The workstations in the finance dept will almost certainly run any software at all, unless it's caught by the anti-virus (default permit, and enumerating badness). You're right that they should be locked down, but are they?

[1] http://en.wikipedia.org/wiki/Marcus_J._Ranum
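The two failure modes the comment names, "default permit" and "enumerating badness", are easy to see in a toy policy evaluator. The following is an added example, not code from the thread or from Ranum; the subnets, hosts and flows are constructed, and the rule format is a hypothetical simplification of a real firewall rulebase. It evaluates the same three flows between a finance workstation and an R&D host under a blocklist (permit unless known bad) and under an allowlist (deny unless known good), and shows that the flow nobody has written a rule for is exactly the one a default-permit policy lets through.

```python
"""Default-permit (blocklist) vs default-deny (allowlist) policy evaluation.

Added example: a toy model of the two Ranum failure modes the comment
describes.  The subnets, hosts and flows below are constructed for
illustration, and the (src_net, dst_net, dport) rule tuple is a
hypothetical simplification of a real firewall rulebase.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

FINANCE = ip_network("10.10.0.0/24")      # constructed: finance workstations
RND = ip_network("10.20.0.0/24")          # constructed: R&D workstations
ERP_SERVERS = ip_network("10.0.5.0/24")   # constructed: servers finance really needs


@dataclass(frozen=True)
class Flow:
    """One observed connection attempt (5-tuple reduced to what matters here)."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def _matches(rule, flow):
    """A rule is (src_net, dst_net, dport); dport None means any port."""
    src_net, dst_net, dport = rule
    return (ip_address(flow.src) in src_net
            and ip_address(flow.dst) in dst_net
            and (dport is None or dport == flow.dport))


def default_permit(blocklist, flow):
    """Enumerating badness: allow everything unless a blocklist rule matches."""
    return not any(_matches(r, flow) for r in blocklist)


def default_deny(allowlist, flow):
    """Enumerating goodness: deny everything unless an allowlist rule matches."""
    return any(_matches(r, flow) for r in allowlist)


# Blocklist written after the last incident: only the one lateral-movement
# path the defenders already know about (finance -> R&D file shares).
BLOCKLIST = [(FINANCE, RND, 445)]

# Allowlist of what the finance workstations actually need: the ERP web
# front end.  No finance -> R&D traffic is a business requirement, so none
# is listed, and it is denied without anyone having to predict it.
ALLOWLIST = [(FINANCE, ERP_SERVERS, 443)]

# Constructed sample traffic: one legitimate flow, one known-bad flow, and
# one flow nobody has written a rule for yet.
SAMPLE_FLOWS = [
    Flow("10.10.0.15", "10.0.5.10", 443),   # finance -> ERP web front end
    Flow("10.10.0.15", "10.20.0.7", 445),   # finance -> R&D SMB share (known bad)
    Flow("10.10.0.15", "10.20.0.7", 3389),  # finance -> R&D RDP (on no list at all)
]


def compare(flows=SAMPLE_FLOWS):
    """Return {flow: (allowed_under_default_permit, allowed_under_default_deny)}."""
    return {f: (default_permit(BLOCKLIST, f), default_deny(ALLOWLIST, f))
            for f in flows}


if __name__ == "__main__":
    for f, (dp, dd) in compare().items():
        print(f"{f.src} -> {f.dst}:{f.dport}/{f.proto}  "
              f"default-permit={'ALLOW' if dp else 'BLOCK'}  "
              f"default-deny={'ALLOW' if dd else 'BLOCK'}")
```

The third flow is the point of the exercise: the blocklist only knows about port 445, so the default-permit policy allows RDP from finance to R&D even though it was never a business need, while the allowlist denies it without anyone having had to foresee it. The same shape applies to the anti-virus remark in the comment: a signature database is a blocklist over executables, and an application allowlist is the default-deny equivalent.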