As Edward Snowden continues to evade the US government, debate continues on what could be done differently to ensure sensitive classified information is maintained as top secret. It appears that if the NSA used the SSE-CMM mature security model as a framework to protect the agency's assets from threats, that adequate measures would have been implemented to ensure their data was secure. This does not seem to be the case. Following the Snowden's whistleblowing incident, the agency is putting in place actions to track system administrators with a policy called the two man rule. While hind site is 20/20, it is evident the agency's security department did not take the adequate measures to mitigate the risk of information freely walking out the door.
No comments:
Post a Comment