« Tom Barnett Speaking in Minnesota | Main | Who do you train and how do you train them? »

Comments

Richard Veryard

If you don't know whether the caller is a president or a radio prankster, the best thing to do is to find things to say that fit both contexts.

Like if a caller asks for information about your products, and you suspect it might be a competitor, then you give him a bit of information (in case it is a real customer) but not too much.

I think the task of security in such cases is not to select (and bind to) the most likely reality, but to detect the possibility of impersonation and produce a low-risk response that fits any of the possible realities.

The comments to this entry are closed.