OT: “But it’s Encrypted”

Posted on November 18th, 2011 in General Security,Off Topic by dglosser

At my “real job”,  I’m constantly getting push back from users,  ops people (netadmins sysadmins, etc) and developers about security.  For example:

  • “This isn’t the pentagon”
  • “We can’t do our work”
  • “But it’s encrypted and the key is only by two different people”
  • “You say it’s an security issue but we haven’t been hacked so far so how much of a risk can it be”

At first glance, of these statements seem valid and reasonable (especially when it’s presented to upper management).

When management comes to you with these statements,  these needs to be simple, concise answers (maybe two, for both technical and non-technical users)

How many of you have received these arguments from users?
What other arguments have you received?
How have you responded?   (especially if you “won” the argument and convinced the user and manager)

We’ll collect the responses and summarize. Email us at 12malware8domains789@32gmail33.com33 (remove numbers)

Comments are closed.