dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
6
share rss forum feed

aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to nosx

Re: Burned by IP INSPECT -- My Own Personal Journey

said by nosx:

"But somebody could scale the telephone pole and strip the cable and tap it and steal data!" - Real QSA.

This reminds me of a story that a lot of government entities encrypt their data over point-to-point dedicated private links as a requirement in order to avoid the situation where the ISP or telco stealing their data. There are however no such requirements coming from some federal entities such as Federal Reserve and financial exchanges. I guess some rules and/or mindsets are not applicable to all government entities

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8

Cost and speed trump security.

And for the record, the only .gov systems I've ever known to use encryption are systems carrying sensitive information. ("top secret", "classified", etc. i.e. not for the public to see. I couldn't believe the shear volume of crap they stamp sensitive -- 'tho partly because they don't want to take any time evaluating it.)


aryoba
Premium,MVM
join:2002-08-22
kudos:4

said by cramer:

Cost and speed trump security.

Basically network security is about where and how technical understanding your company lawyers are. In one of my previous company, we got Infrastructure Security VP that had JD and MBA degrees in addition to network engineering and support background that enabled him to see eye to eye with anybody; management and technical people; which helped tremendously in implementing policies and procedures. So no fancy nor frivolous stuff, just necessary things to keep the cost minimal yet we still passed the network security audit and compliance