Forwarded from: H C <keydet89at_private> > Interesting information provided here, not only does the > government and industry not communicate, but, the government and > those inside do not communicate. Old news. I'm currently trapped inside the defense contracting dungeon, and I'm constantly being informed about this by the non-technical managers. In fact, many contracting firms use this to their advantage...even to the point of doing the same work for multiple customers. After all, gotta meet the revenue numbers, right? About every quarter we hear from the GAO about how bad security is within the gov't. Every couple of months, yet another report on the FAA or IRS or some other three-letter gov't agency comes out. If it's nothing new...is it news? How many ineffectual agencies do we need? I mean, we've already got NIPC, right? Nothing came of the Senate subcommittee hearings we've already had...other than the rather humorous report that Mudge couldn't get his travel reimbursed...so what can we expect now? On the flip side of things, though, even in the commercial sector, the vision isn't all rosy and bright. Infosec is just common sense, yet it isn't done. Consultants are paid beaucoup $$, and nothing is done. Insurance companies offer coverage for protected networks, and still no security. Now, it's going to become a law. Hhhhmmmm. So, what happens if the corporation or federal agency isn't in compliance w/ the law? Do they get fined? If so, does that not, in effect, serve a more potent function than, say, a web page defacement? - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Feb 01 2002 - 06:09:33 PST