Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Government Compliance

from [L. Walker] Network Security [Permanent Link]
Subject: RE: Government Compliance
Date: Tue, 21 Jun 2005 08:50:55 +1000 
Comments below.

On 17 Jun 2005 12:59PM, dentonj@gmail.com wrote:

That may or may not be true.  The real problem is the lack of control
of the budget.  Those who've worked for the government know that those
who control or can influence the budget have control of what happens. 
Nothing gets the attention of the decision makers faster then knowing
that non-compliance with a new regulation means next years budget
might get cut.  Until "Information Assurance" (the governments buzz
word for computer security) can influence organizations or agencies
budgets, the decision makers are only going to pay it lip service.


Is it lack of control with budget, or political pressure to complete
projects on-time instead of ensuring maximum quality for the projects
deliverables?  As many have said, the pressure is on to "pass the buck", so
to speak.


The other thing that gets decision makers attention is the possibility
of jail time.  Mishandling of classified material can quickly land
someone in jail.  So, classified systems and networks are locked down
pretty well.  The computers and networks that are connected to the
internet do not process classified information.  So if someone breaks
into a government computer via the internet, it's not going to impact
the decision makers.


How so?  Leaked and planted memos and e-mails can hurt political careers.
Just because it's not classified doesn't mean the data isn't important
enough to protect.  Especially when [U.S. Govt.] standards (NIST, etc.)
define how stringent they should be with their security policies.

 - L. Walker
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: code analysis, Aleksander P. Czarnowski
Next by Date:  Re: extracting passwords from ethereal dump, David Eduardo Acosta RodrÃguez
Previous by Thread:  Re: Government Compliance, Jeffrey Denton
Next by Thread:  Internal Penetration test, Md Ridzwan
Indexes:  [Date] [Thread] [Top] [All Lists]