On 2009 Dec 06, at 09:13, Edward Ned Harvey wrote:

> The IT people must also complete the survey.  This way, it’s not purely a 
> users-get-everything love fest at the expense of security.  Because the IT 
> people’s job goals include security.

Working in security, with sysadmins, I find that most of the IT people consider 
security something that is at best a necessary evil, at worst, something to 
actively circumvent.

I've had too many senior system administrators who admitted that if faced with 
two options, one more secure than the other, they'd always pick the less secure 
option because they found security too annoying, too bothersome.  (This was 
part of their argument for not permitting SSH to be installed a number of years 
back, even though it would simplify their convoluted solution to the X display 
issue.)

I actually find that non-IT people often understand the importance of security 
better than others.  Most of my time is spent explaining to IT people 
(application support, developers, system administrators, et cetera) that 
security is good and should be done.  Many of these IT people see nothing wrong 
with giving anyone who asks the root password.  "Well, we're all one company" 
is one attitude I see a lot.  I also see application admins and developers 
claiming to have sysadmin experience and that they think that sysadmin is a 
junior job that is only done by those who can't handle development or 
application support work, so don't get in the way of the senior people doing it 
for those junior people.

Any survey system is going to have a significant problem with a culture like 
that.  It isn't that those protecting security are doing anything wrong, but it 
is different from what the less security-minded IT people want, and that means 
they are unhappy, bitterly so, and will skew the results.

----
"The speed of communications is wondrous to behold. It is also true that
speed can multiply the distribution of information that we know to be
untrue." Edward R Murrow (1964)

Mark McCullough
mmc...@earthink.net 


_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/
