The Feds biggest problem is this gianormous IT security organization they created, DISA. They spent a gazillion dollars on junk like Retina for scanning and they put morons at the control to run the tool. They spend more time creating new iterations of the same document to "enforce" security than actually taking action to secure a network. They want security, follow the Marine Corps way, no compliance means no connection. Period. Pick one security standard and make it a blanket policy across the entire government. Stop wasting time to get people "certified" and put the focus on actually securing the networks. Those idiots are more concerned about their 8570.01M mandates than execution. I'm happy that my tax dollars are now paying three dozen idiots a lot of money to give yet another iteration of something that's already been tried. Here's a recommendation boys, wipe DISA like a WoW raid gone bad.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11494/34916#34916