I really enjoyed reading Andrew’s article on “The Mainframe Conundrum” and would highly recommend that anyone else in IT in the financial area, or other critical infrastructure areas should also read it.

Since starting my new job this sort of issue has definitely come up on a number of occasions. Not always directly linked to problems with trying to apply security concepts to legacy type systems (or the people who support them), in fact probably more often involved with general IT people who don’t understand the insider risk. In any case, similar to what Andrew discusses, the solution to these types of problems can be tackled by effective awareness, training and support.