<div dir="ltr"><div class="gmail_extra"><div>On Mon, Nov 10, 2014 at 8:19 PM, David L. Anselmi <span dir="ltr"><<a href="mailto:anselmi@anselmi.us" target="_blank">anselmi@anselmi.us</a>></span> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Aaron D. Johnson wrote:<br>
> David L. Anselmi writes:<br></span><br></blockquote><div><snip> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class=""><br>
> Perhaps that's what your security guys are after. Perhaps not. Hard<br>
> to say unless their policy docs have a rationale statement for each<br>
> policy. Heck, _they_ probably don't know themselves. :)<br>
<br>
</span>Yes, so that's my complaint. Their policy is that files must be encrypted before sending via SFTP.<br>
But there's no rationale and if I pin them down I'd bet the answer is they don't know. Or they'll<br>
agree but stick to their policy because "more is better" or "it can't hurt".</blockquote><div><br></div><div> </div></div>Well, it doesn't hurt them if it comes out of /your/ budget. How about theirs? Sometimes I just ask them to prioritize the list, and sometimes I offer trades. "I have time to either implement this requirement which is silly and you don't know why we do it, or do this other one that you really want. Which would you like?" The real trick is to offer them something in return you want to do anyway. Muhahahaha!</div><div class="gmail_extra"><br></div><div class="gmail_extra">-- </div><div class="gmail_extra">Andrew Diederich</div></div>