Tuesday, 31 December 2013

Fixing NSA Exploits

A question came up at our security and compliance meeting at work today. I thought I'd solicit some opinions...



A number of device makers and IT professionals are learning their secretly-compromised-by-the-NSA hardware/software is not so secure.



The article is Dell-specific, but MS and others have provided exploits to the NSA.

http://www.techdirt.com/articles/201...bios-bug.shtml



$64,000 question: at what point does the government/auditors start telling us our security is inadequate because it’s vulnerable to now-public NSA exploits?



Will we rely on private orgs to come out with patches and updates or will the public companies issue patches and updates to correct the exploits?



Ethics of the NSA, Snowden, and companies aside, as info-sec professionals our job is to protect the data we've been entrusted with.



Most articles I've seen online for CSOs and ISOs have been about how to defend against insider threats ("is there a Snowden lurking in your company?") and not how to defend against the exploits made public.





via JREF Forum http://forums.randi.org/showthread.php?t=271185&goto=newpost
