"10 Steps to Cyber Security"
But do these ten steps protect you from the spooks themselves?
GCHQ is advising organisations to consider stripping staff of smartphones and memory sticks in order to make themselves less exposed to cyber attacks. The advice from the intelligence agency's CESG (Communications-Electronics Security Group) information assurance arm comes against a backdrop of increased concerns about the …
"Staff in general are the "weakest link in the security chain" and disgruntled employees and the mischief they can create are a particular threat, the spooks advise."
If this is the case then why not immediately disband the entire GCHQ, as it in itself presents the greatest risk to the country and its people?
I well remember suggesting this in my organization well over a decade ago and I was laughed at. (At the time thumb drives weren't around but floppies, Zip drives, email attachments and mobile phones were.)
Even the management instantly balked at it such is their addiction to such devices. It'll be a brave organization that does. It might even stop it recruiting the top people when the fact's known.
Worked on a site a while ago (ok, a long time ago) where everything was as locked down as possible - not just O/S but hardware things, and standards that said no removable drives by default, and those that had them were encrypted media only, etc. - all worked fine. Multiple antivirus everywhere, and so on.
Weak link in the security chain / fence? One day the Programme Director brought in a laptop from home because he liked it more than the one he'd been provided with the job, plugged it in to the LAN. We (support team) saw it, disabled the port, then went to tell him no. Response was to attempt to shoot messenger, threatening termination and so on unless we plugged his laptop in and got him access to the files he wanted.
Good to see el Reg living up to its famed journalistic integrity... Reporting on what the Telegraph said that GCHQ said, rather than bothering to read the report.
On mobile phones, they ACTUALLY said:
“Mobile working offers great business benefit but exposes the organisation to risks that will be challenging to manage. Mobile working extends the corporate security boundary to the user’s location. It is advisable for organisations to establish risk-based policies and procedures that cover all types of mobile devices and flexible working if they are to effectively manage the risks.”
No fucking shit it's a security risk, so is cloud computing and I'd happily stop users using things like the Good app/BYOD but for some reason upper management are obsessed with the bastard concept, probably as it ultimately means more work for less pay from the users as they check emails in what should be downtime.
Is that the best that GCHQ can do nowadays ...... Stating the bleeding obvious long after the fact.
Whenever are they going to grasp the export opportunity and exploit systems with 0day vulnerabilities and lead virtually invisibly and practically anonymously from the front with some ab fab fabless proaction and/or NEUKlearer HyperRadioProActive IT. Failure to do so will naturally result in them following and reacting to events with no more input to output than that which is supplied by fanatics and spectators.
UKGBNI expect considerably more than just that abdication and perversion of duty.
Get your FCUKing APT ACT together, GCHQ. You know you should and really want to. Anything else and you are someone else's plaything.
The advice from the intelligence agency's CESG (Communications-Electronics Security Group) information assurance arm comes against a backdrop of increased concerns about the theft of intellectual property by cyber-spies.
And one imagines the difficulty they may now have in protecting the paedophile rings at the top of government and security and police and justice circles. And then there's all that offshore money laundering that is so rife in the City too.
Life's a bitch, ain't it.