get it right

Get it right or get out of the way

When a company has a break down in its processes blame is assigned based on whom the process owner is and the individual(s) responsible for completing the missed or an improperly executed task. When a low-level process is broken such as the case was with Experian and the missing Apache Struts patch that allowed an attacker to gain a foothold in their information system and steal 152 million records, I see little reason to start chopping off the heads of senior leadership. Processes should be reviewed at a regular interval that is appropriate for the businesses operational environment (annually, semi-annually, quarterly, or monthly). In Experian’s case, I believe there was a systematic breakdown where the process was broken, and no one up the chain of command was notified. A CIO and CSO at a company as large as Experian don’t have the time or resources to personally check-up on every department nor should they be required to micro-manage. Mid-level and upper-level management should be feeding data to the C-suite at their meetings and if something was off or missing it should’ve been addressed. (more…)

Cell interceptors detected around Washington DC

International mobile subscriber identity (IMSI) devices are used to spoof cell phone towers allowing the interception of text messages and phone calls. The most well known IMSI device is the Stingray which is what police departments use for surveillance. The existence of Stingrays was denied for years and companies that produced them are under non-disclosure agreements to protect the identity of purchasers. (more…)