Information Security News mailing list archives

Re: Bills aim at raising infosec expertise


From: InfoSec News <isn () c4i org>
Date: Thu, 31 Jan 2002 04:04:33 -0600 (CST)

Forwarded from: matthew patton <pattonme () yahoo com>

> One piece of legislation, the Cyberterrorism Preparedness Act,
> would create a nonprofit group of academic and industry experts to
> develop a set of best practices for protecting computers and
> networks against cyberattacks.

Er, don't we already have SANS, and the various CERTs that publish
this stuff and more? And doesn't the DoD already have a COE standard
that nobody pays attention to? I know this town (I live in DC) can't
possibly live without creating another agency every other week but why
don't we make it a civil and firing offense for sysadmins to ignore
standards? Not to mention everybody and their cousin can get 'an
exception' if they collar the right person. Best practices? Even
Mickysoft has best practices here and there but even so few people
implement them.

Sysadmins all over the world are sloppy, too busy or just plain out of
the loop to secure their systems like they should. (I'm a contractor
for a company here and I can't believe the misconfigured *#)@ I'm
finding.)
 
> sector to adopt the best practices, including an examination of
> whether federal contractors and grant recipients should be
> required to follow the best practices.

And if they don't follow them, why did we spend the effort and the
money? This is more "do something" legislation that will result in
just about bupkis.


