Forwarded from: matthew patton <pattonmeat_private>

> One piece of legislation, the Cyberterrorism Preparedness Act,
> would create a nonprofit group of academic and industry experts to
> develop a set of best practices for protecting computers and
> networks against cyberattacks.

er, don't we already have SANS, and the various CERTS that publish this stuff and more? And doesn't the DoD already have a COE standard that nobody pays attention to? I know this town (I live in DC) can't possibly live without creating another agency every other week but why don't we make it a civil and firing offense for sysadmins to ignore standards? Not to mention everybody and their cousin can get 'an exception' if they collar the right person.

Best practices? Even Mickysoft has best practices here and there but even so few people implement them. Sysadmins all over the world are sloppy, too busy or just plain out of the loop to secure their systems like they should. (I'm a contractor for a company here and I can't believe the misconfigured *#)@ I'm finding.)

> sector to adopt the best practices, including an examination of
> whether federal contractors and grant recipients should be
> required to follow the best practices.

And if they don't follow them, why did we spend the effort and the money? This is more "do something" legislation that will result in just about bupkis.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Jan 31 2002 - 06:14:09 PST