Common sense and separation of systems

Somebody recently asked, on the CISSPforum, for some kind of reference supporting the concept that it was a good idea not to do development or testing on production systems.

I think Mim Britt said it best:

“Separation of test and production environments is one of those things that is such basic common sense that it wouldn’t occur to me to have to point to something that says to do it. The first time you test something on your production network and it breaks something else which breaks something else, etc etc etc is the LAST time they will ask you why it has to be done on a separate network.”

Somebody said we should make that into a sigquote, or blog it.  Mim said she’d be flattered if anyone did.  I think it’s a great idea.