to sum it all up...
1 giant catch 22.
You are damned if you do and you are damned if you do not.
--l
On Thu, 2005-12-29 at 16:35 -0500, bkfsec wrote:
Leif Ericksen wrote:
It comes back to ignorance of the law is no excuse.
Ahh, but there's a BIG difference between willful or unwillful ignorance
and intentional ignorance.
It's one thing to not know a law that you should know; it's a completely
different thing to be blocked from knowing the law and expected to
respect it.
For instance, in securing networks, corporate security personnel in the
United States should be familiar with Sarbanes-Oxley and the like, at
least in passing. Compliance is expected because compliance can be
tested. Not being aware of the requirements of Sarbanes-Oxley is not an
excuse because the law is readily available and transparent. However,
if the government passed Sarbanes-Oxley and then turned around and said
"But for security reasons, the requirements are classified and even the
judges can't see them without clearance..." that would be different.
How can you guarantee compliance with a behavior when you don't have
access to the standard?
This is no different than any other standard of behavior. If people are
not allowed to know the laws, they have no way to verify their
complicity with them. I respectfully submit that the situations are
different in their entirety and that in the case of a classified law,
ignorance is intentionally created as a function of the creation of the law.
Such things cannot simply be written off.
-bkfsec
--
Leif Ericksen <leife@dls.net>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
