Jim Wildman wrote:
On Wed, 30 Jun 2010, Frank Cox wrote:
<snip>
What is the point of doing a security scan under conditions that are not actually "live"?
It sounds like moving the flammable materials out before a fire inspection, then moving them right back in when the inspector leaves.
What is gained? You're no more secure than you were before the inspection, and and you're no longer running what you had running during the inspection.
For most (large) organizations, security scans have NOTHING to do with increasing security, and everything with being able to answer "Yes" to a question like "Do you regularly scan for known defects?", probably for a VISA type compliance check.
If you don't already know, you really don't want to know about data security in the medical or banking communities.
Heh. Heh. Heh. And don't forget the credit card community. Or the US gov't (and gov't medical community).
mark