Does Sony have the legal right to raise prices? Of course. However, their decision to raise prices immediately after the announcement of her death demonstrates exceptionally poor judgement. Again. IMHO.
/ “The right to do something does not mean that doing it is right.” - William Safire
One option to consider is seeing whether you can file for an exception. Your company may have an exception policy with respect to the implementation of controls like full disk encryption. If not, you may want to ask them to implement one as it's a fairly standard practice. The security folks may want you to explain to them (in writing) why you can't implement the control, why you don't believe there's risk, and what possible other mitigating controls exist to minimize or eliminate the risk of not using full disk encryption, but with that you might be able to file for an exception. Just a thought.
FWIW, RC1 for Windows imported only a few of my v2 bookmarks and won't allow me to import a backup html of them into v3. It also blew out my v2 cookies. Just a heads up for those considering installing RC1 - backup your bookmarks and cookies. I had to uninstall RC1 and reinstall v2 just to be able to use my bookmarks.
...when he said that "The Network is the Computer" back in 1984. People mainly need an inexpensive & fun way to connect to the Internet, and with Internet-enabled phones, PDA's, and handheld devices becoming more ubiquitous, it would make sense that PC sales might slump. That doesn't mean that PC's are going away any time soon, it just indicates that the PC market is reaching maturity and saturation.
I'm sorry, but I disagree with your assertions here. If I pay for the rights to something, I've bought the right to use (and reuse) it as I will, without obstruction or degradation. Embedding hidden content or artifacts degrades the product I've purchased. Does that make me an advocate for theft? I don't think so - I own over 1,200 CDs.
No offense intended, but when you say "almost certainly", "there's a decent chance", and "will probably" that means that you don't really know and are making assumptions and/or generalizations. I'm not so forgiving in my view of this ISP's actions - it appears that they messed up big time. While I completely agree that there's a lot of FUD in the security marketplace these days, it's the responsibility of management to hire people who know this stuff cold. People who know that it's "People, Process, and Technology" - in that order. Any company that goes and implements Technology (i.e., a security product) without first considering People (e.g., training & hiring competent people) and Process elements (e.g., adequate supporting policies, procedures, security architectures, reviews/audits) is at considerable risk of failing by design.
Companies that make money from processing/storing/selling/brokering people's sensitive information have a responsibility to safeguard their customer's data. This ISP appears to have failed in that regard.
Hi Mike. Thank you for taking the time to address our questions here on Slashdot.
My understanding is that the potential impact of many of Microsoft's security vulnerabilities occur as the result of a vulnerable service running with full administrative privileges. I also understand that these privileges may sometimes be based on the access rights the current user profile is running with. However, I suspect that it might be possible to limit the rights these services run with, regardless of the rights currently assigned to a user profile. This would help to limit the potential impact of a vulnerable service, which in turn could really improve the security of Microsoft's products. Has any thought been given to this, and if so, what is Microsoft's strategy to address this?
To answer a question raised by several Slashdot readers, the first section of the methodology in the book is titled "Assess", not "Access". The goal with this section is to first assess all of the external and internal factors driving the need for information security in your enterprise, and then moving forward from there.
Thank you Ben, for taking the time to review our book, and a huge THANK YOU! for your kind words. Our intention was to write something that both IT and security professionals can truly get a lot out of, and to be honest we're very happy with the end result. On behalf of Mike, Ron, the good folks at Auerbach, and everyone else who helped out in putting together The CISO Handbook, thank you very much!
Tom August
Slashdot Mirror
Does Sony have the legal right to raise prices? Of course. However, their decision to raise prices immediately after the announcement of her death demonstrates exceptionally poor judgement. Again. IMHO. / “The right to do something does not mean that doing it is right.” - William Safire
One option to consider is seeing whether you can file for an exception. Your company may have an exception policy with respect to the implementation of controls like full disk encryption. If not, you may want to ask them to implement one as it's a fairly standard practice. The security folks may want you to explain to them (in writing) why you can't implement the control, why you don't believe there's risk, and what possible other mitigating controls exist to minimize or eliminate the risk of not using full disk encryption, but with that you might be able to file for an exception. Just a thought.
FWIW, RC1 for Windows imported only a few of my v2 bookmarks and won't allow me to import a backup html of them into v3. It also blew out my v2 cookies. Just a heads up for those considering installing RC1 - backup your bookmarks and cookies. I had to uninstall RC1 and reinstall v2 just to be able to use my bookmarks.
"tailored to provide the perception of security rather than tackling actual security risks." Isn't this also the mission statement for the TSA?
...when he said that "The Network is the Computer" back in 1984. People mainly need an inexpensive & fun way to connect to the Internet, and with Internet-enabled phones, PDA's, and handheld devices becoming more ubiquitous, it would make sense that PC sales might slump. That doesn't mean that PC's are going away any time soon, it just indicates that the PC market is reaching maturity and saturation.
I'm sorry, but I disagree with your assertions here. If I pay for the rights to something, I've bought the right to use (and reuse) it as I will, without obstruction or degradation. Embedding hidden content or artifacts degrades the product I've purchased. Does that make me an advocate for theft? I don't think so - I own over 1,200 CDs.
No offense intended, but when you say "almost certainly", "there's a decent chance", and "will probably" that means that you don't really know and are making assumptions and/or generalizations. I'm not so forgiving in my view of this ISP's actions - it appears that they messed up big time. While I completely agree that there's a lot of FUD in the security marketplace these days, it's the responsibility of management to hire people who know this stuff cold. People who know that it's "People, Process, and Technology" - in that order. Any company that goes and implements Technology (i.e., a security product) without first considering People (e.g., training & hiring competent people) and Process elements (e.g., adequate supporting policies, procedures, security architectures, reviews/audits) is at considerable risk of failing by design. Companies that make money from processing/storing/selling/brokering people's sensitive information have a responsibility to safeguard their customer's data. This ISP appears to have failed in that regard.
Hi Mike. Thank you for taking the time to address our questions here on Slashdot. My understanding is that the potential impact of many of Microsoft's security vulnerabilities occur as the result of a vulnerable service running with full administrative privileges. I also understand that these privileges may sometimes be based on the access rights the current user profile is running with. However, I suspect that it might be possible to limit the rights these services run with, regardless of the rights currently assigned to a user profile. This would help to limit the potential impact of a vulnerable service, which in turn could really improve the security of Microsoft's products. Has any thought been given to this, and if so, what is Microsoft's strategy to address this?
To answer a question raised by several Slashdot readers, the first section of the methodology in the book is titled "Assess", not "Access". The goal with this section is to first assess all of the external and internal factors driving the need for information security in your enterprise, and then moving forward from there.
Hope that helps!
Tom August
Thank you Ben, for taking the time to review our book, and a huge THANK YOU! for your kind words. Our intention was to write something that both IT and security professionals can truly get a lot out of, and to be honest we're very happy with the end result. On behalf of Mike, Ron, the good folks at Auerbach, and everyone else who helped out in putting together The CISO Handbook, thank you very much! Tom August