"10 Steps to Cyber Security"
But do these ten steps protect you from the spooks themselves ?
GCHQ is advising organisations to consider stripping staff of smartphones and memory sticks in order to make themselves less exposed to cyber attacks. The advice from the intelligence agency's CESG (Communications-Electronics Security Group) information assurance arm comes against a backdrop of increased concerns about the theft …
But do these ten steps protect you from the spooks themselves ?
"Staff in general are the "weakest link in the security chain" and disgruntled employees and the mischief they can create are a particular threat, the spooks advise."
I this is the case the why not immediately disband the entire GCHQ as it in itself presents the greatest risk to the country and it's people.
Gassing office workers is also an acceptable solution. You need to discuss this with the union rep first though, wouldn't want to take any rash measures.
"wouldn't want to take any rash measures."
I'm sure there are nerve agents available that will deal with the employees discretely, without any rash showing...
Sounds like a BOFH job to me .. :)
I'm sure there are nerve agents available that will deal with the employees discretely
Why do it discretely? Just do them all in one batch.
"Why do it discretely? Just do them all in one batch."
A good example of an optimised process and much quicker than simple attrition.
"Sounds like a BOFH job to me .. :)"
hey, it's Friday tomorrow! :-)
This advise might work for them.
Bit difficult in the real world.
I well remember suggesting this in my organization well over a decade ago and I was laughed at. (At the time thumb drives weren't around but floppies, Zip drives, email attachments and mobile phones were.)
Even the management instantly balked at it such is their addiction to such devices. It'll be a brave organization that does. It might even stop it recruiting the top people when the fact's known.
" it recruiting the top people when the fact's known."
Well they're hardly the top people if they are a liability are they?
worked on a site a while ago (ok, a long time ago) where everything was as locked down as possible - not just O/S but hardware things, and standards that said no removable drives by default, and those that had them were encrypted media only, etc. - all worked fine. Multiple antivirus everywhere, and so on.
Weak link in the security chain / fence? One day the Programme Director brought in a laptop from home because he liked it more than the one he'd been provided with the job, plugged it in to the LAN. We (support team) saw it, disabled the port, then went to tell him no. Response was to attempt to shoot messenger, threatening termination and so on unless we plugged his laptop in and got him access to the files he wanted.
All good points but as long as good security is seen as a cost and a source of friction it the comprises made are more likely to fall one way than the other.
Good to see el Reg living up to it's famed journalistic integrity... Reporting on what the telegraph said that GCHQ said, rather than bothering to read the report.
On mobile phones, they ACTUALLY said :
“Mobile working offers great business benefit but exposes the organisation to risks that will be challenging to manage. Mobile working extends the corporate security boundary to the user’s location. It is advisable for organisations to establish risk-based policies and procedures that cover all types of mobile devices and flexible working if they are to effectively manage the risks.”
Lets not let a little thing like facts get in the way of giving GCHQ a good kicking
No fucking shit its a security risk, so is cloud computing and I'd happily stop users using things like the Good app/BYOD but for some reason upper management are obsessed with the bastard concept, probably as it ultimately means more work for less pay from the users as they check emails in what should be downtime.
Staff in general are the "weakest link in the security chain" and disgruntled employees and the mischief they can create are a particular threat, the spooks advise.
So not the CxO's who think security is for the little people then?
Is that the best that GCHQ can do nowadays ...... Stating the bleeding obvious long after the fact.
Whenever are they going to grasp the export opportunity and exploit systems with 0day vulnerabilities and lead virtually invisibly and practically anonymously from the front with some ab fab fabless proaction and/or NEUKlearer HyperRadioProActive IT. Failure to do so will naturally result in them following and reacting to events with no more input to output than that which is supplied by fanatics and spectators.
UKGBNI expect considerably more than just that abdication and perversion of duty.
Get your FCUKing APT ACT together, GCHQ. You know you should and really want to. Anything else and you are someone else's plaything.
Having worked in a large multi-national, there's nothing in here that new or be don't already do.
Additionally, the document in question was published in May 2013. http://www.gchq.gov.uk/press_and_media/news_and_features/Documents/directors_IoD_article.pdf
“Monitor all user activity", and make sure staff are aware that violations in acceptable use policies will lead to disciplinary action.
Then mail us the logs (to save us breaking in)
“Monitor all user activity" is unquestionably one of the hallmarks of GCHQ's style.
It's normally the big (old) bosses and section heads which are the worst, high phishing target but so important in their role they won't be fucking told about IT stuff.
Staff, don't make me laugh.
The advice from the intelligence agency's CESG (Communications-Electronics Security Group) information assurance arm comes against a backdrop of increased concerns about the theft of intellectual property by cyber-spies.
And one imagines the difficulty they may now have in protecting the paedophile rings at the top of government and security and police and justice circles. And then there's all that offshore money laundering that is so rife in the City too.
Life's a bitch, aint it.
Outsource the secure stuff to the Roswell Greys.
(cough its really hard to read a language when you don't understand a single word /cough)
Good luck with that.
My company (a US multinational) can't even provide a decent IT service on their budget let alone spend more spying on their "trusted" employees.
Biting the hand that feeds IT © 1998–2017