Jim Wildman wrote:
> On Wed, 30 Jun 2010, Frank Cox wrote:
<snip>
>> What is the point of doing a security scan under conditions that are not
>> actually "live"?
>>
>> It sounds like moving the flammable materials out before a fire
>> inspection, then moving them right back in when the inspector leaves.
>>
>> What is gained? You're no more secure than you were before the
>> inspection, and and you're no longer running what you had running during
>> the inspection.
> For most (large) organizations, security scans have NOTHING to do with
> increasing security, and everything with being able to answer "Yes"
> to a question like "Do you regularly scan for known defects?",
> probably for a VISA type compliance check.
>
> If you don't already know, you really don't want to know about data
> security in the medical or banking communities.
Heh. Heh. Heh. And don't forget the credit card community. Or the US gov't
(and gov't medical community).
mark