Re: [ISN] Bills aim at raising infosec expertise

From: InfoSec News (isnat_private)
Date: Thu Jan 31 2002 - 02:04:33 PST


    Forwarded from: matthew patton <pattonmeat_private>
    
    > One piece of legislation, the Cyberterrorism Preparedness Act,
    > would create a nonprofit group of academic and industry experts to
    > develop a set of best practices for protecting computers and
    > networks against cyberattacks.
    
    er, don't we already have SANS, and the various CERTS that publish
    this stuff and more? And doesn't the DoD already have a COE standard
    that nobody pays attention to? I know this town (I live in DC) can't
    possibly live without creating another agency every other week but why
    don't we make it a civil and firing offense for sysadmins to ignore
    standards? Not to mention everybody and their cousin can get 'an
    exception' if they collar the right person. Best practices? Even
    Mickysoft has best practices here and there but even so few people
    implement them.
    
    Sysadmins all over the world are sloppy, too busy or just plain out of
    the loop to secure their systems like they should. (I'm a contractor
    for a company here and I can't believe the misconfigured *#)@ I'm
    finding.)
     
    > sector to adopt the best practices, including an examination of
    > whether federal contractors and grant recipients should be
    > required to follow the best practices.
    
    And if they don't follow them, why did we spend the effort and the
    money? This is more "do something" legislation that will result in
    just about bupkis.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


