Too many wanna be Chiefs, and never enough Indians [3]. Unless of course, you mistake Indians in this statement, for Indians coming from out of India. I make the latter statement to ensure that my words do not get lost in translation. My “Indian” may not meet your interpretation of “Indian.” But back to the issue, and the relevancy here. My statement annoyed someone enough to comment: “Most enterprises that follow any "decent" framework should have an auto lockout policy.” There is nothing broken with this statement. I am offering an opinion, therefore why would I use the word: “MUST” or even infer to anyone that I will “beat the drum slowly until they listen to me.” I was making an observation and responding. Whether or not an organization uses a framework was beyond the scope of my answer. “SHOULD HAVE” is a matter of “if you don’t you may want to look into it.” “Should have an account lockout policy” I don’t need to chime in with buzzwords of holistic …show more content…
I believe they can help more than harm, which is why I often comment. What some don’t realize are a few things. Sometimes I am commenting out of sarcastic/dark humor, other times I am bored, some times I will opine strongly with my beliefs on security that is based on REAL WORLD experience. Not the BS some may read in some wonderfully boring ISC^ books, or COBIT manuals. I’ve read those too, they’re boring, and here is an eye opener – if they even remotely worked as much as fan boys and girls thought, breaches should have been down two decades ago, so be honest with yourself for a moment. I am only the