What a wonderful case of “Do as I say…not as I do”. The realistic labor and cost implications of information security have eluded the federal government for far too long. DHS clearly does not grasp practical IT management. There is no sound argument as to why basic blocking and tackling has not been performed. DHS has a huge target on its back. It must lead this fight for US government agencies and not hide from it.
This is great information to review and tuck away in your incident response planning book. Also, take the time to educate your users on these types of reporting guidelines.
Congrats to the team at Cisco on obtaining their DHS SAFETY Act certification.
This is legislation worth getting excited about. DHS, IT Security professionals, and universities need to be working together to advance the industry and develop the next generation of cyber defenders.
This is yet another example of a successful social engineering attack that bore fruit in the form of DHS and FBI contact lists. These leaks are dangerous and can certainly risk lives.
I could spend a great deal of time discussing the pros and cons of this DHS program, but I won’t. I will remain largely altruistic in my interpretation. Penetration testing is good. Exposing vulnerabilities is good. Hopefully remediation is taking place and the private sector is becoming more aware and more secure.
OK, I lied. Here is a little pessimism. Hopefully, these assessments are taking the place of strong internal processes, and hopefully they are not being used as a rubber stamp to avoid other sound security practices.
This is disturbing considering the potential impact on financial institutions relying on the US Secret Service for financial fraud investigations and the overall need for protections around our nation’s critical infrastructure. There are certain fights worth fighting in our nation’s capital, but these are not the chips I would choose to gamble with.