Re: Need a Security Consultant

• To: www-security@ns2.rutgers.edu
• Subject: Re: Need a Security Consultant
• From: Vassilis Risopoulos <risopoul@informatik.uni-hamburg.de>
• Date: Thu, 4 Jul 1996 14:03:31 +0200 (MET DST)

 > > Thanks for the benefit of a doubt.  As the last sentence seems to be 
> directed to the companies who have experienced ISOs, I'll answer for 
> Fortified Networks.
 > While I was there, we achieved and sustained the *highest* level 
> of measurable information security of any country in the world.  
> This compliance streak continued for over *continuous* 4 years.  
> While I was there, we withstood numerous hacking attacks and never 
> had a successful breakin.   
Free quoting from a known Internet Security book:
"If you want to impress a security expert tell him you've only been broken into twice in the last four years. If you say you've never had to suffer a succesfull attack he'll dismiss you as ignorant".
If you tell me you had a system that had unbreachable defenses for four years straight, I won't buy it - I'll propably think you didn't even notice the attack.
If you tell me that once in these four years somebody broke in but you were able to patch the damage and the hole in less than three days than I'll give a second thought to what you say.
No offence intended with these words - just that I don't think any system can be that secure.
Vassilis.-

• Re: Need a Security Consultant
• From: hallam@Etna.ai.mit.edu

• Previous: Re: BoS: *** SECURITY ALERT *** (fwd)
• Next: RE: COMMENT: Cookie dough (fwd)
• Index(es):
  • Index
  • Thread