On a similar note regarding my previous post on the Omaha mall incident, apparently the mall has a policy against concealed weapons – and apparently (I haven’t confirmed) there’s a Nebraska state law backing such policies in private businesses in that state. This event not only shows how vulnerable we really are but it’s also a classic case of stupid policies/laws such as this ONLY apply to law-abiding citizens.
In the context of IT security, I actually see and hear of this quite a bit where policies are created for the sake of having a policy, or political correctness, or to satisfy an auditor – whatever – knowing that they’ll do more harm than good or that they’ll never be enforceable. Keep this in mind when creating your own organization’s information security policies. Make them reasonable and enforceable… otherwise they’re just for show and will come back to bite you or someone you care about down the road.
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”