PaulDotCom mailing list archives

Have a laugh on me...


From: dgcombs at gmail.com (Dan McGinn-Combs)
Date: Tue, 13 Oct 2009 08:51:17 -0400

Interestingly enough, I happened to get one of those nasty emails at my
company the other day: "click here and run this vital update!" things. I
forwarded it on to IT and sent a sanitized version to the CTO and VP of HR
requesting we start a simple security awareness program. Both responded that
they hadn't seen that email. End of discussion. Last night, the VP of HR got
the same message and in a panic sent me a quick note, "please advise - how
do we block this?".
I'm trying again with the security awareness program... again.

Happy Security Awareness
Month <http://www.dhs.gov/files/programs/gc_1158611596104.shtm>.
And for what it's worth it's also Cephalopod Awareness
Day <http://scienceblogs.com/pharyngula/2007/10/its_international_cephalopod_a.php> this
month. Which one do YOU think is getting more attention?

Dan

On Mon, Oct 12, 2009 at 5:01 PM, Kennith Asher <herrasher at gmail.com> wrote:

I really like Craig's idea of proposing the solution rather than pulling
the plug.  If the boss says no, the scope of change, cost and impact are all
documented as well.  I also like the idea of demonstrating the failure via a
pen test or via a simple hack.

CYA is personally important but there is nothing at all satisfying about
losing employment because your company was sunk by a hacker especially if
you could have done something about it.

--
Dan McGinn-Combs, Security+, GSEC, CISSP, CISA
dgcombs at gmail.com
Google Voice: +1 404 492 7532
Peachtree City, Georgia USA