Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Government Compliance
From: "L. Walker" <lwalker () magi net au>
Date: Tue, 21 Jun 2005 08:50:55 +1000

Comments below.

On 17 Jun 2005 12:59PM, dentonj () gmail com wrote:
That may or may not be true.  The real problem is the lack of control
of the budget.  Those who've worked for the government know that those
who control or can influence the budget have control of what happens. 
Nothing gets the attention of the decision makers faster then knowing
that non-compliance with a new regulation means next years budget
might get cut.  Until "Information Assurance" (the governments buzz
word for computer security) can influence organizations or agencies
budgets, the decision makers are only going to pay it lip service.

Is it lack of control with budget, or political pressure to complete
projects on-time instead of ensuring maximum quality for the projects
deliverables?  As many have said, the pressure is on to "pass the buck", so
to speak.

The other thing that gets decision makers attention is the possibility
of jail time.  Mishandling of classified material can quickly land
someone in jail.  So, classified systems and networks are locked down
pretty well.  The computers and networks that are connected to the
internet do not process classified information.  So if someone breaks
into a government computer via the internet, it's not going to impact
the decision makers.

How so?  Leaked and planted memos and e-mails can hurt political careers.
Just because it's not classified doesn't mean the data isn't important
enough to protect.  Especially when [U.S. Govt.] standards (NIST, etc.)
define how stringent they should be with their security policies.

 - L. Walker

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]