On 23 Oct 2002, Gary Nichols wrote:

> On Wed, 2002-10-23 at 20:54, Scott wrote:
> > The AVP of IS (my boss) then proceeded to cut me off 
> > at the knees by telling me I could not spend any money, hire any 
> > expertise, had responsibility - but no authority (this was implied), 
> > etc.  
> 
> Welcome to the world of Information Security.  Bend over please.
> 
> > Based on some recent happenings - someone figured out how to install an 
> > unauthorized proxy server that bypassed all security checks - they wouldnt 
> > have a thing to worry about, as it most likely would never be noticed.
> 
> And you just so happened to have all the proper security policies
> (including a network security and sanction policy) in place to properly
> remove this person from their status of "employed", right?  :-)
> 
> Sometimes in your situation it's best to do what you can with what you
> have, draw up proposals and persuasive arguments for what you need and
> hope the stars are aligned when you ask for it.
> 
> A security manager with no power is as useful as a razor to a bald man.
> 
> Let's all hope your $boss gets clued in.
> 
> Best of luck,
> 
> Gary
> 
> 
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 

Policies & Procedures?!?  Not likely to happen at my place of employment 
for lots of reasons - one being that upper mgt will not stand behing/back 
them up.  The few that we do have are hidden - I inquired why, received no 
intelligent answer - and only available to managers and above.

Oh well.  Like I said, I WAS the IS Security Mgr.  After 10 months of 
banging my head on the wall, I just gave up and went back to System Admin 
(at least that group was happy (really!) to have my back).

scott