On Tue, Apr 30, 2019 at 6:06 AM Lionel Dyck <lion...@21csw.com> wrote:
>
> https://www.computerworld.com/article/3391365/microsoft-tells-it-admins-to-nix-obsolete-password-reset-practice.html#tk.rss_all
>
> snip:
> Like Microsoft and NIST, Pescatore thought periodic password resets are
> the hobgoblins of little minds. "Having [this] as part of the baseline
> makes it easier for security teams to claim compliance, because auditors
> are happy," Pescatore said. "Focusing on password reset compliance was a
> huge part of all the money wasted on Sarbanes-Oxley audits 15 years ago.
> Great example of how compliance does not equal security."
>
>
> --------------------------------------------
> Lionel B. Dyck <sdg>
> Senior Software Engineer
> 21st Century Software
> --

Hopefully somebody with a backbone will take this to heart. IMO, there are two groups in companies who have too much power: Auditors & Accountants. They are critical to a well-run company, but, like fire, they are good servants but bad masters.

The z people here don't have much problem with auditors. They ask for a periodic SETROPT DISPLAY listing and go away happy, convinced that all is well. Bean counters aren't happy until the budget is $0.00 for everything. I would say more, but it would be against my best interest.

This is clearly another case of too many mad scientists, and not enough hunchbacks.

Maranatha! <><
John McKown