[EdLUG] [Baen Baen's Bar] Fwd: Re: Fwd: Cybersecurity

Edinburgh Linux Users Group edlug at lists.edlug.org.uk
Wed Feb 20 13:34:51 UTC 2019


Another reply to the OP in response to a reply from this list.

On 20/02/2019 10:13, dockrin wrote:
> AndrewR wrote on Tue, 19 February 2019 13:55
>
>     Another reply
>
>
>
>     -------- Forwarded Message --------
>     Subject: 	Re: [EdLUG] Fwd: [Baen Baen's Bar] Cybersecurity
>     Date: 	Tue, 19 Feb 2019 19:51:41 +0000
>     From: 	Edinburgh Linux Users Group
>     Reply-To: edlug at lists.edlug.org.uk <mailto:edlug at lists.edlug.org.uk>
>     To: Edinburgh Linux Users Group
>
>     Hi Andrew
>
>     (Obligatory disclaimer: I am neither a lawyer, nor a security
>     professional. The following stems from my experience in general
>     and cannot constitute advice.)
>
>     On the face of it, yes, if it is an independent professional
>     auditor, they will need full access to the system, or for him to
>     provide proof that everything he is doing meets their
>     requirements. Generally, only full access can provide such proof.
>     Log files only provide minimal insight into what a system has done
>     in the past; it does not show how the system is configured, and
>     what practices are in place, and whilst your friend's contact may
>     in good faith believe he has a secure system and only his own
>     processes are running on his computers, it is the auditor's
>     responsibility to investigate it for themselves, first hand, and
>     to possibly ferret out anything that was missed by the friend.
>     That is what an audit precisely is.
>
>     Conversely: If he himself is concerned about their activities, he
>     can seek out a lawyer to provide him with a proper Non Disclosure
>     Agreement contract to have the auditor sign - I wouldn't know it
>     is standard practice, but I think he would be within his rights to
>     require this in turn.
>
>     If the computers in question are not being used directly to
>     service the organisation or hold the organisation's data who is
>     requiring the audit, there is a question mark over to what extent
>     they can require the audit to be carried out. That's an entirely
>     different question.
>
>     Tai
>
>     ===
>     Tai Kedzierski
>     Linux Operations and Deployments Engineer
>     RHCSA # 170-060-834
>
>     I use LibreOffice, a free, Freedom-respecting replacement for MS Office
>     /Open Source Free Software is a matter of liberty, not price./
>     https://www.fsf.org/about/what-is-free-software
>
>     On Tue, 19 Feb 2019 at 19:12, Edinburgh Linux Users Group wrote:
>
>     I just received this email.  Can anyone advise the OP on this
>     question?
>
>     Andrew Ramage
>
>     -------- Forwarded Message --------
>     Subject: [Baen Baen's Bar] Cybersecurity
>     Date: Tue, 19 Feb 2019 11:32:46 -0600
>     From: piobair
>     Reply-To: baens_bar at bar.baen.com <mailto:baens_bar at bar.baen.com>
>     Organization: Baen's Bar
>     To: baens_bar at bar.baen.com <mailto:baens_bar at bar.baen.com>
>     Newsgroups: Baen_Baens_Bar
>
>     The Board of Directors overseeing a friend of mine has decided
>     that they need a security audit by an independent auditor. My
>     friend's entire system is running on Linux with Linux servers and
>     (mostly) thin clients. He put out an RFP and, in his words, they
>     want the keys to the front door in order to see if the china
>     cabinet is locked. Can an adequate audit be made from the /var/log
>     files?
>
>     -- 
>     EdLUG mailing list
>     EdLUG at lists.edlug.org.uk <mailto:EdLUG at lists.edlug.org.uk>
>     https://lists.edlug.org.uk/mailman/listinfo/edlug
>
> -- 
>
> Doc Krin, deep in the Ozarks!
>
>
> A man’s greatest glory is to love his wife and raise his children well 
> // Mankind’s greatest shame is an uncherished child. James Richard Shaver
>
> "You can not leave behind what is always by your side" Richard Castle
>
> The saddest words ever said: "If only...."
>
>
> _______________________________________________
> Baens_bar mailing list
> Baens_bar at bar.baen.com
> http://bar.baen.com/cgi-bin/mailman/listinfo/baens_bar