The Failure of Information Security
Noam Eppel writes to share a recent editorial regarding the current state of information security. From the article: "It is time to admit what many security professionals already know: We as security professionals are drastically failing ourselves, our community and the people we are meant to protect. Too many of our security layers of defense are broken. Security professionals are enjoying a surge in business and growing salaries and that is why we tolerate the dismal situation we are facing. Yet it is our mandate, first and foremost, to protect."
Where is our backup? (Score:1, Informative)
US Govt IT security - waste waste waste (Score:1, Informative)
Bet for every $100 spent on the paperwork, less than $1 is spent actually securing systems. The IT security officer's budget dwarfs the dissemination budget and our information saves lives.
We have more contractors reviewing C&As than programmers creating code to deliver our information. Out of this army of contractors, there is a single USG employee who is an outstanding system security engineer and is someone we can go to for a technical solution. And the line outside this guy's cube is long.
And the joke of it all is after all this review, GAO still gives us a grade of D-.
Errare humanum est. (Score:3, Informative)
More troublesome is if a problem happens later, and although you are not held responsible (having sensibly covered your ass beforehand as above), you're told to "cover it up". If your company has an ombudsman, a rapid visit is in order; otherwise, lawyer up and find a new job... fast.