As Ed Snowden travels the globe to skirt capture by US officials, debate ensues regarding the measures that lead to his access of highly sensitive classified information. The drive to outsource often surrounds an IT strategy that seeks to lower operational costs and enhance IT capabilities at a faster rate with lower costs.The pros and cons of
development models for outsourcing versus in-house development along with
associated risks should be considered when weighing IT Strategy. The benefits of outsourcing are not without risks as the US government has come to learn. IT industry and political experts are suggesting that the Feds should in-source employees with access to the type of classified information that Snowden was exposed to during his employ. Additionally, suggestions to implement a tighter system of monitoring those employees with access to classified information is being considered as NSA security policies are reviewed, scrutinized and revised based on the investigation. Would clearly stated policies on processes available to dissenting voices within the NSA have prevented Snowden's actions? Was there security education and training provided by the NSA to contractual employees? Could this have potentially prevented one of the biggest security compromises in US history?
Saturday, June 29, 2013
Sunday, June 23, 2013
NSA SecSDLC was inadequate
The debate rages on about the NSA's bungling of policies that enabled security contractor Snowden's access to highly classified documentation resulting in subsequent leak of classified documents. What is clear is that the need to mitigate and manage risk to future threats and attacks is a priority here. A failure to be proactive created the gap in understanding threats to the NSA's security policies with the need now to establish an information security project with emphasize on mitigating future risk through development of a SecSDLC.
http://news.yahoo.com/nsa-chief-keith-alexander-system-did-not-prevent-142449841--abc-news-topstories.html
http://news.yahoo.com/nsa-chief-keith-alexander-system-did-not-prevent-142449841--abc-news-topstories.html
Tuesday, June 4, 2013
Introduction to my security blog
Good evening fellow bloggers. My name is Susan Salahshoor and I'm creating this blog as part of a school assignment for a course in Information Security Management. As I navigate through the course and gain an understanding of IS issues, I plan to ask questions and provide answers on lessons learned pertaining to IS security topics. I hope you'll come along on this educational journey with me. Welcome!
Subscribe to:
Posts (Atom)