This is cache of http://www.schneier.com/blog/archives/2008/08/security_idiocy.html. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.
Security Idiocy Story
2008-08-06 13:52:17 by schneier in Schneier on Security
 

From the Dilbert blog:

They then said that I could not fill it out - my manager had to. I told them that my manager doesn't work in the building, nor does anyone in my management chain. This posed a problem for the crack security team. At last, they formulated a brilliant solution to the problem. They told me that if I had grocery bag in my office I could put the laptop in it and everything would be okay . Of course, I don't have grocery bags in my office. Who would? I did have a windbreaker, however. So I went up to my office, wrapped up the laptop in my windbreaker, and went back down.

People put in charge of implementing a security policy are more concerned with following the letter of the policy than they are about improving security. So even if what they do makes no sense -- and they know it makes no sense -- they have to do it in order to follow "policy."

 
Tags: security, security policy, policy, crack security team, office, laptop, dilbert blog, grocery bag, grocery bags
 
 
 
 
 
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia