If you're talking about security, then there is a big difference between what controls are available and what you deploy.
> The robber got into a house through a window that was closed but not > locked? That's a defective resident, not a defective window. > IMHO /how/ access is acquired less important than the fact unauthorized > access /was/ acquired. If you're assessing the software then it's important to know whether the security breach was a software problem. If you're assessing the organization then it's important to know how unauthorized access was obtained in order to prevent it from happening again. If you're a judge or juror then it's important to know how access was obtained in order to decide how to assess liability. The only context in which how isn't paramount is for the people doing spin control. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Grant Taylor <0000023065957af1-dmarc-requ...@listserv.ua.edu> Sent: Tuesday, May 7, 2019 5:13 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? On 5/7/19 2:54 PM, Seymour J Metz wrote: > RACF database unprotected? That's not a properly secured system, > any more than one with default passwords is. That can be said about MANY things, not just mainframes or open systems. The robber got into a house through a window that was closed but not locked? "That's not a properly secured system." IMHO /how/ access is acquired less important than the fact unauthorized access /was/ acquired. -- Grant. . . . unix || die ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
