"Invisible" <voi### [at] devnull> wrote in message
news:48623bdc$1@news.povray.org...

Here's a couple more I've done to my auditors.

"Am I correct in saying that this is a potentially very large security
hole?"
"Yes"
"What plans are in place to resolve this?"
"None."

"So, this single desktop machine is reponsible for monitoring all the
servers in the environment. What happens if it fails?"
"We all go home early."

"What security policy applies to the passwords?"
"The domain's configured security policy."
"That's not possible"
"Are you calling me a liar?"

"Why are there disk errors dating back 4 months on this server"
"Because the server team can't be bothered to replace the faulty hard drive,
and no one cares about the system anyway"

"Who is replacing you when you leave?"
"No one. Management has just decided that my position is unnecessary."

Post a reply to this message