      05-11-2021, 11:13 AM   #37
zx10guy

And why I've been harping on having stated regulations which put in place financial penalties and, in the case of gross negligence, jail time. None of these behaviors will change unless organizations and individuals get hit where they do care, which is losing money or losing their time sitting in a cell.

The example of the errant USB device being plugged into an air-gapped computer is one example. But many people don't focus on other vectors such as the firmware that's installed in many of the subcomponents of devices. This brings up supply chain security. Many Federal agencies require TAA certified products. Some require BAA. But these come at an additional cost. Some OEMs go one step further to offer up secure supply chain services. Again at an additional cost. Then there's the software. The SolarWinds hack shows how things can go terribly wrong with a trusted software company. Even at the basics such as firmware updates. How many IT staffers spend the time to ensure the firmware is pristine by doing hash comparisons with the OEM's official hash?