RE: CRIME Computers vulnerable at Oregon department

From: Andrew Plato (aplato@private)
Date: Mon Sep 23 2002 - 20:26:26 PDT

  • Next message: Andrew Plato: "RE: CRIME Computers vulnerable at Oregon department"

    I heard this story on OPB this morning ... and promptly sent them an Anitian packet. :-) 
    
    This is a sad story because I would bet that a lot of these issues could be cleared up with some basic security improvements. In my travels around the server rooms of some of the Pacific Northwest's and California's largest employers and state agencies, I've come to realize that security is still very weak. Some basic things, like developing a security policy, are totally non-existent. 
    
    Nevertheless, this gets back to my question I posed at the cyberhall town meeting last month. We can sit around and talk about how important it is to be secure, but at the end of the day SOMEBODY has to sign the check to pay for all this work. Even modest changes have cost. And its very hard to convince organizations that they need to invest in security when budgets are being slashed and mere survival is in question. 
    
    I think this is an excellent area where the federal government could show some initiative. Modest grants to the states to improve information security would not only help stop fraud (including fraud perpetrated by terrorists) but it would also put security communities (like ours) to work doing what we do best. 
    
    ------------------------------------
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    ------------------------------------
    
    > -----Original Message-----
    > From: brvarin@private [mailto:brvarin@private]
    > Sent: Monday, September 23, 2002 7:44 AM
    > To: 
    > Subject: CRIME Computers vulnerable at Oregon department
    > 
    > 
    > 
    > This'll make you feel good....with our current budget, does 
    > anyone seeing
    > security actually improving?
    > 
    > And this quote is classic "I will never divert program money to serve
    > people to take care of these data security issues," Mink 
    > said. "We've got
    > security interests competing against service interests."
    > 
    > But it's ok to divert program money to criminals who steal it from the
    > state!
    > 
    > http://www.oregonlive.com/news/oregonian/index.ssf?/xml/story.
    > ssf/html_standard.xsl?/base/front_page/1032782122290112.xml
    > 
    > to be a legally binding signature.
    > 
    > 
    > 
    



    This archive was generated by hypermail 2b30 : Mon Sep 23 2002 - 21:24:40 PDT