Re: Army security expert emphasizes vigilance and training

[InfoSec News <isn () c4i org>]

Forwarded from: rferrell () texas net

> Speaking at the National High-Performance Computing and
> Communications Council's annual conference in Newport, R.I., Wright
> emphasized the need to investigate the so-called key holders -
> subcontractors and service providers who haven't undergone the same
> level of background checking as prime contractors.

I have a personal example of this inconsistent security policy:

In 1996 I was hired as a contractor to the U.S. Air Force.  I was the
primary Unix sysadmin and Webmaster for an Air Force installation.  
Our secure data facility had only four individuals who were allowed 24
hour unescorted access, and in fact these four were also the ones who
were required to escort anyone else who needed to come in after hours.  
I was one of the four, from the day I was hired, with no background
investigation whatsoever other than, I assume, a simple criminal
record check.
 
The Air Force personnel who were on the unescorted access list, on the
other hand, were of course required to have secret clearances.

What's wrong with this picture?

RGF

Robert G. Ferrell
rferrell () texas net



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.