Almost as a corollary to the previous post, we have this one…
Yoran and Spaf’s Law
In his book “Practical Unix and Internet Security,” Professor Gene Spafford of Purdue University spells out Spaf’s first principle of security administration: “If you have responsibility for security but have no authority to set rules or punish violators, your own role in the organization is to take the blame when something big goes wrong.”