David Harley wrote:
>> * Appoint a chief security officer. (It's something that's
>> been mentioned on this list before.) It would be great to
>> have someone at the top thinking about security full-time.
>>
>
> What, like Microsoft do? ;-)
>
Actually, having security officer is not a bad idea, if your business
can afford it.
Security is such a broad field (and it does go way beyond setting up
firewall rules) that any company with more than handful of employees
should think about that. Of course, security officer is not cheap, and
he's not a firefighter or bodyguard. But, knowing that you have someone
who know the outlook of your security, where the holes are and what can
be done about them - it's just great. Add to that the fact that best
security policies aren't written by programmers nor marketing managers,
but the very people who take security as their full time job and
profession.

>> Anyone else have thoughts on promoting and educating common sense?
>>
>
> Actually, I think Apple could do worse than look at what M$ have done over
> the past few years (I said look at, not slavishly copy!)
<rant mode on>
If they're looking the way Microsoft has considered security in the
past, they're doomed to repeat their mistakes. Out of myriad more
secure solutions, looking at someone who got it the ugly way is like
going to the restaurant, walking into the kitchen area full of chefs and
then asking a waiter for a recipe.
<rant mode off>

[ reply ]