The InfoSec Blog

how does hydrochlorothiazide affect prednisone triphala powder tea amoxil and aspirin atomic structure of calcium carbonate hoodia now breast augmentation western new york ultram sexual side effects cla study guide william s jula randiance 150 hi brite altace lisinopril melatonin and synthroid hoodia cjb8256 ingredients in zithromax coumadin colors usual dose for men viagra maximum dose of tramadol fda warning singulair zyvox mrsa prednisone eye drops relieve body pain blue vision with viagra aleve tradename buy detrol tramadol with dogs remeron efficacy intervenous dilantin will tramadol help backpain and headaches perilymphatic fistula and lasix treatment how much lamictal is fatal chitosan allergy florida hoodia gordonii

On one of the professional forums I subscribe to there was a request for “references” to justify the separation of development and production networks and facilities.  It seems some managers “don’t get it” when it comes to things like change control and undocumented and unplanned changes.  Many guidelines discuss this, but its seems that some key ones like NIST and ISO-27001 do not explicitly mandate it, and some managers use this as a reason to not do it.

Some of us security droids find this frightening.

My colleague Miriam Britt managed to sum up the reasons why one should have separation quite sussinctly and forcefully.  With her permission I have copied her reasoning here and I hope many people will either reference this or copy it to their own blogs.  This kind of straight forward statement needs a wide exposure.