Monday, March 05, 2007

Burn before Reading

This email explains, better than I could, what fascinates me about people and security at my company. The email comes from a person who is responsible for keeping track of security-related things we're supposed to be doing. (I've altered the email somewhat to disguise what exactly is being requested.)

The requirements for changing the master password on your systems has changed. The passwords need to change every 186 days but there is no longer a requirement to track this task.

Would the Primary on each system please enter the command to change the password.

Please send a note to your self and keep it for audit purposes just in case it is needed in the future.


So as I read that -- we don't have to track doing it any more, but we should track it just in case we change our minds later....

No comments: