The contracting firm that said "the files were secure because they were on servers not indexed by search engines" should be the one punished and fired.
The bigger question that needs to be addressed from this this incident is whether the government provided the contractor with details on how information should be protected. I believe the overall problem lies in this question. Why, you ask? I am currently working on a contract with the government and when I asked questions about security requirements that I needed to adhere to, I received no responses!
The bigger question that needs to be addressed from this this incident is whether the government provided the contractor with details on how information should be protected. I believe the overall problem lies in this question. Why, you ask? I am currently working on a contract with the government and when I asked questions about security requirements that I needed to adhere to, I received no responses!
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/546/2051#2051