[funsec] High Concept Comedy: Security is Economic!
eballen1 at qwest.net
Wed Sep 5 11:36:55 CDT 2007
On Wed, 5 Sep 2007, Valdis.Kletnieks at vt.edu wrote:
> The benefit of lowering it from N to N*0.95 needs to outweigh the costs of
> the care and feeding of said beast.
Wait, you mean that "security" is an economic good, with costs (direct
and opportunity) and benefits that must be balanced!?!
What a concept! Unfortunately, a concept TOO COMPLEX for the average
manager (much less CX0-leveler) to understand.
Why, just last Wednesday, I was informed that Sarb-Ox demands that all
source code files sport an elaborate, COBOL-style "flowerbox" full of
irrelevant, and possibly uninformative details about work sets and
dates and modifer-IDs. Now, there's some make-work I can get behind,
since Sarb-Ox *doesn't* demand that developers put in any comments on file
check-in to the version control system, nor do we have to tie a check-in
to a change request or other requirement. Nevertheless, THE FLOWERBOX
IS REQUIRED, costs be damned.
That's what a manager can understand, the 3 Great Traditions of Sarbanes
Oxley: Rum, Requirements and The Lash.
Will sarcastic and/or sardonic humor make it "fun" enough, or is the low
information content and context-dependency of said sarcasm or sardony
not enough to clear the High Hurdle of "fun"sec?
More information about the funsec