Re: Government Compliance

From: frank_kenisky@psc.uscourts.gov
Date: Thu Jun 16 2005 - 15:09:05 EDT


Thank goodness they changed the forum's format. Someone is using their heads for something other than a place to hang a sweater cap.

That said, I have replied to Dave and sympathize with his plight. I too am with a "Gov Agency". Probably not the one Dave's associated with. Through my years I have learned one thing within the Gov: power and knowledge are not one and the same.

Information Security within the gov is an oxymoron. Most agency CIOs and CISOs have about as much knowledge of Information Security as the half-asleep rent-a-cop downstairs checking badges.

Now I don't want to get off on a rant here but, one agency I worked with as an Information Security Auditor (for the Inspector General) investigated me after I supervised a contracted pen test team for breaking into the email of the agency IG. Short story, apparently at one of the sites we tested there had been a problem with an employee embezzling funds in excess of $500,000.00. The IG was investigating the problem on site and also had a presence there. When one of the pen testers asked me, 'What does OIG stand for?' it quickly raised a red flag with me.

I asked who were the emails from and to? The pen tester stated the names of the IG himself and other investigators. I made the decision to take the information as evidence to show the IG that we needed to have our own domain and separate subnets and use encryption for communications. Instead of realizing the benefit of this they put me through two years of an incitement by a Federal Grand Jury.

Today they have retired and are living quietly with their grandchildren, all the while the legacy they left behind has only got worse.

I now work as the Security Specialist with a different agency. My job is simple. I pen test our web sites. Policy, Requirements and legal stuff are not my concern. The sooner he realizes that the power within the Government can only make your life miserable and cost you and your family a lot of heartache and unrecoverable money, the sooner he will begin to live a long life.

The Government was here before us and it will be here a long time afterwards without us.

It's frustrating to read the next day's headlines about the latest hacked Gov agency. We just had one. Why? Because the powers that be have no knowledge why.


