On Mon, May 24, 2010 at 6:31 PM, Ryan Pugatch <r...@linux.com> wrote: > Robert Hajime Lanning wrote: > >> Education only goes so far. You still need the policy. In fact the two >> go hand in hand. There should be a policy, with the education on why >> the policy exists and how to follow the policy. >> >> In the end, you will need something to enforce. You always end up with >> chronic abusers. Having a policy will allow something to be done about it. >> >> Unless the business owners do not care about the business or it's >> Intellectual Property, you need enforcible security. >> >> This is not just IT, this also goes with physical security. Must always >> have badge. Must not allow people to tailgate into building. (Company >> I used to work at has had a big issue with that. People walk onto >> campus, tailgate in the door and walk out with notebooks. Big policy >> plus education steps being taken.) >> > > I agree. Rather than running out with policies you must inform about > the reasoning, etc. > > Ryan >
Providing reasoning and explanation is a good thing, but you also need to be careful of getting into a discussion or debate. When conveying the policies, people need to know that these are the policies, here's why, and that's how it is. You are providing reasoning to give them background on the "why", not to open it up to debate. However, it's easy to let the conversation slide into an area where people disagree or don't like the policy, so they think they are in a position to ignore them because they didn't agree with the reasoning. It's a fine line, and something to watch out for. _______________________________________________ Discuss mailing list Discuss@lopsa.org http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
