Network Security Pen-Test

Re: Government Compliance

Subject: Re: Government Compliance
Date: 16 Jun 2005 19:09:05 -0000
Thank goodness they changed the forum's format. Someone is using their heads for 
something other than a place to hang a sweater cap.

That said, I have replied to Dave and sympathize with his plight.  I too am 
with a "Gov Agency".  Probably not the one Dave's associated with.  Through my 
years I have learned one thing within the Gov, power and knowledge are not one 
and the same.

Information Security within the gov is an oxymoron.  Most agency CIOs and 
CISOs have about as much knowledge of Information Security as the half-asleep 
rent-a-cop downstairs checking badges.

Now I don't want to get off on a rant here, but one agency I worked with as an 
Information Security Auditor (for the Inspector General) investigated me after 
I supervised a contracted pen test team for breaking into the email of the 
agency IG.  Short story: apparently at one of the sites we tested there had 
been a problem with an employee embezzling funds in excess of $500,000.00.  The 
IG was investigating the problem on site and also had a presence there.  When 
one of the pen testers asked me, 'What does OIG stand for?' it quickly raised a 
red flag with me.

I asked who the emails were from and to.  The pen tester stated the names of 
the IG himself and other investigators.  I made the decision to take the 
information as evidence to show the IG that we needed to have our own domain 
and separate subnets and use encryption for communications.  Instead of 
realizing the benefit of this, they put me through two years of an indictment by 
a Federal Grand Jury.

Today they have retired and are living quietly with their grandchildren, all 
the while the legacy they left behind has only gotten worse.

I now work as the Security Specialist with a different agency.  My job is 
simple.  I pen test our web sites.  Policy, requirements and legal stuff are 
not my concern.  The sooner he realizes that the power within the Government 
can only make your life miserable and cost you and your family a lot of 
heartache and unrecoverable money, the sooner he will begin to live a long life.

The Government was here before us and it will be here a long time afterwards 
without us.

It's frustrating to read the next day's headlines about the latest hacked Gov 
agency.  We just had one.  Why?  Because the powers that be have no knowledge 
why.
