10 claims that scare security pros
I love this: Jon Espenschied for computerworld writes this little "10 claims" article, but it's amazingly true, in that I keep seeing this over and over and over.... like this:3. "That doesn't apply to the boss."
Most of these bad apples can be managed by appealing to their Machiavellian sense of influencing others' behavior: that they at least ought to appear to be leading by example, while continuing to do whatever it is they do with the door closed. Few would admit it, but I've run across many IT organizations that simply budget a DSL line for "guest" access in the executive's office, turn a blind eye to whatever gets plugged in and chalk up support time to the test lab. It's not a desirable solution, but if the executive's still willing to sign a Sarbanes-Oxley attestation, the rest comes down to plausible deniability.