Full Disclosure mailing list archives
Re: Compliance Is Wasted Money, Study Finds
From: Stephen Mullins <steve.mullins.work () gmail com>
Date: Wed, 7 Apr 2010 17:19:37 -0400
You're right, they aren't robots, they're overpaid tech writers that memorized just enough industry jargon and buzzwords to talk the talk without being able to walk the walk.

http://www.computerweekly.com/Articles/2010/03/25/240719/Sans-founder-slams-39terribly-damaging39-US-cyber-security.htm

SANS Institute founder Alan Paller had some comments about FISMA compliance and C&A professionals.

"[They] rewarded ineffective behavior and created a cadre of people who call themselves security professionals but who proudly admit they cannot implement security settings on systems and network devices or find a programming flaw," he said.

"Fisma had created and rewarded a culture of compliance rather than security," Paller said. Federal and state governments were "radically short of money", but they were forced to spend it on reporting rather than security, he said.

"Writers who know a few words about security and federal regulations now make 50% to 80% more money than the people who actually secure systems and networks and applications," he said. "It is as if we paid the compliance staff at a hospital more than the surgeons."

He said the nation's attention should be on real-time monitoring of its information systems and networks to prevent or mitigate attacks as they happened.

"Oversight must be focused on the effectiveness of the agencies' real time defences," he said.

On Wed, Apr 7, 2010 at 2:52 PM, <Valdis.Kletnieks () vt edu> wrote:
> On Wed, 07 Apr 2010 11:31:28 PDT, J Roger said:
> > That's not entirely the case. Auditors aren't robots.
>
> Unfortunately, that's far too often not true. Internal audit departments in particular seem to accumulate people with no real clue, because they *don't* rely on passing the client in order to get the job again next year. They stay around for the next fiscal year by showing a pretty list with "See all the things we found wrong", not by "See all the creative solutions we looked at and decided were in fact OK".
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Compliance Is Wasted Money, Study Finds Ivan . (Apr 05)
- Re: Compliance Is Wasted Money, Study Finds Bert Knabe (Apr 07)
- Re: Compliance Is Wasted Money, Study Finds John Morrison (Apr 07)
- Re: Compliance Is Wasted Money, Study Finds Keith Tomler (Apr 07)
- Re: Compliance Is Wasted Money, Study Finds J Roger (Apr 07)
- Re: Compliance Is Wasted Money, Study Finds Valdis . Kletnieks (Apr 07)
- Re: Compliance Is Wasted Money, Study Finds J Roger (Apr 07)
- Re: Compliance Is Wasted Money, Study Finds Valdis . Kletnieks (Apr 07)
- Re: Compliance Is Wasted Money, Study Finds Stephen Mullins (Apr 07)
- Re: Compliance Is Wasted Money, Study Finds Tracy Reed (Apr 07)
- Re: Compliance Is Wasted Money, Study Finds Valdis . Kletnieks (Apr 07)
- Re: Compliance Is Wasted Money, Study Finds Digital X (Apr 08)
- Re: Compliance Is Wasted Money, Study Finds Tracy Reed (Apr 09)
- Re: Compliance Is Wasted Money, Study Finds Nick FitzGerald (Apr 10)
- Re: Compliance Is Wasted Money, Study Finds Thor (Hammer of God) (Apr 10)
- Re: Compliance Is Wasted Money, Study Finds Valdis . Kletnieks (Apr 10)
- Re: Compliance Is Wasted Money, Study Finds Valdis . Kletnieks (Apr 22)
- Re: Compliance Is Wasted Money, Study Finds Christopher Gilbert (Apr 23)