I am yet another newbie to this list and to the internet. I am a data security analyst for a financial institution on Wall St., USA. My background is in legacy systems (Tandem, DEC, MVS, Stratus) in a glsshouse environment and am thrust (like many of my colleagues) into the latest craze to sweep MIS companies across the known world -- Client/Server (HP-UX) technology!! SIAC is slowly migrating its legacy systems to C/S. I am currently in 'sponge-mode' when it comes to C/S info. security, but hope one day to be in a position to contribute to such lists as IDS. I am currently experiencing 'techno-streSSSSS' over all this new info -- Does anybody else ever feel this way? One observation that I have noticed, since surfing the 'Net looking for security info. is the lack of information about how to sell information security to the corporate culture. Is there a list for such a thing? Sorry for getting off the beaten path, surely you'll let me off the hook this once?