Information Security News mailing list archives

RE: Bills aim at raising infosec expertise


From: InfoSec News <isn () c4i org>
Date: Fri, 1 Feb 2002 04:36:53 -0600 (CST)

Forwarded from: H C <keydet89 () yahoo com>

Interesting information provided here: not only do the
government and industry not communicate, but the government and
those inside do not communicate.

Old news.  I'm currently trapped inside the defense contracting
dungeon, and I'm constantly being informed about this by the
non-technical managers.  In fact, many contracting firms use this to
their advantage...even to the point of doing the same work for
multiple customers.  After all, gotta meet the revenue numbers, right?

About every quarter we hear from the GAO about how bad security is
within the gov't.  Every couple of months, yet another report on the
FAA or IRS or some other three-letter gov't agency comes out.

If it's nothing new...is it news?

How many ineffectual agencies do we need?  I mean, we've already got
NIPC, right?  Nothing came of the Senate subcommittee hearings we've
already had...other than the rather humorous report that Mudge
couldn't get his travel reimbursed...so what can we expect now?

On the flip side of things, though, even in the commercial sector, the
vision isn't all rosy and bright.  Infosec is just common sense, yet
it isn't done.  Consultants are paid beaucoup $$, and nothing is done.  
Insurance companies offer coverage for protected networks, and still
no security.  Now, it's going to become a law.  Hhhhmmmm.  So, what
happens if the corporation or federal agency isn't in compliance w/
the law?  Do they get fined?  If so, does that not, in effect, serve a
more potent function than, say, a web page defacement?



-
ISN is currently hosted by Attrition.org
