Re: [ISN] Army security expert emphasizes vigilance and training

From: InfoSec News (isnat_private)
Date: Fri Apr 05 2002 - 00:28:35 PST

  • Next message: InfoSec News: "[ISN] Firm warns of NetWare security hole"

    Forwarded from: rferrellat_private
    > Speaking at the National High-Performance Computing and
    > Communications Council's annual conference in Newport, R.I., Wright
    > emphasized the need to investigate the so-called key holders -
    > subcontractors and service providers who haven't undergone the same
    > level of background checking as prime contractors.
    I have a personal example of this inconsistent security policy:
    In 1996 I was hired as a contractor to the U.S. Air Force.  I was the
    primary Unix sysadmin and Webmaster for an Air Force installation.  
    Our secure data facility had only four individuals who were allowed 24
    hour unescorted access, and in fact these four were also the ones who
    were required to escort anyone else who needed to come in after hours.  
    I was one of the four, from the day I was hired, with no background
    investigation whatsoever other than, I assume, a simple criminal
    record check.
    The Air Force personnel who were on the unescorted access list, on the
    other hand, were of course required to have secret clearances.
    What's wrong with this picture?
    Robert G. Ferrell
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Apr 05 2002 - 03:22:28 PST