
Political Discussion Thread (With Rules)


Simon


44 minutes ago, Old Man said:

So... yes, but at the same time, it is not good security to give any one person full access to all systems.  IT security does need to be able to see everything that's happening, but should not have access to make changes.  Conversely superusers should rarely have access to all things.  Role based access control has been a best practice for decades, and the industry is now moving toward zero trust.

 

Blaming the "best practices" for security breaches is nuts.

 

As far as the commenter goes

55 minutes ago, archer said:

Joe: Who cares about their schooling? If this profession is causing the problems why would you want to hire them anyway? Even if they have not caused a breach, they are a den of idiots. Why not go with engineers who know how to lock down systems?

 

I totally agree with (:edited) what you are saying.  The article's definitely been written for people who clearly don't have a clue. 

 

(edited out, just irrelevant)

 

I know someone in Software Dev who had the same opinion - punish software devs for software dev failures.  Sue them, etc.

 

Sometimes you -can- blame a single person for a failure.  And those people might actually get blackballed.  But the attitude they are creating here is to blame people for failures they likely won't have control over.  It's very different from, let's say, a medical malpractice incident. 

 

Not unless you happen to have multiple teams of doctors and nurses administrating your needs at once and working in an interconnected environ...

 

I do wonder if this is part of a push to devalue the industry, like how much of Silicon Valley conspired to pay programmers worse.


I think that the article shows a lack of understanding of the breadth of the security field, focusing only on auditors.  Auditors monitor/check to ensure compliance with security policy.  Security policy is based on best practices and is intended to protect an organization from the human factor -- legitimate users who are compromised.  This is an important (and very difficult) area to protect....but is far from the whole of security.

 

Auditors do not (and are generally not qualified to) check for vulnerabilities within the systems that their security policies are looking to protect.  Again, their security policies look to protect from the human factor -- George down in finance browses to the wrong site (or clicks the wrong link, etc.) on a corporate system....that kind of thing.

 

Hackers (ethical or otherwise) look for and exploit vulnerabilities both at the software/hardware level and the wetware level -- whatever is going to get the access that they are looking for.  Security policies will help to keep the legitimate users of a given system from unintentionally providing that access, but that's an extremely tall order and not even half of the battle.  An organization needs to know (and fix or at least isolate) the vulnerabilities at a software and hardware level in their systems...and for many, that's a very expensive and invasive proposition. Companies like Colonial Pipeline have systems that were designed a LONG time ago, generally jerry rigged into providing networked/internet access.  Security policies that are properly designed and implemented can help to limit the extent of a given breach, but don't really address the underlying vulnerabilities that may have led to the breach in the first place. This doesn't devalue them, it just means that they're only part of the solution.


Of course he is.

 

St. Louis lawyer who waved rifle at protesters running for Senate in Missouri

 

Here's a brief look at his 'platform':

Quote

 

An angry mob marched to destroy my home and kill my family, I took a stand to defend them.

I am a proven fighter against the mob

When the mob comes to destroy our home, our state, our nation— I’ll defend it

I will NEVER BACK DOWN

 

 


4 hours ago, Dr. MID-Nite said:

 

That's kind of the point I'm trying to make. I'm not really qualified to do that kind of work, but the people we have actually doing it are even worse.


That might be because the actual “qualifications” are the ability to raise money and win a popularity contest. 


3 hours ago, unclevlad said:

And we've done nothing since except allow them to do whatever the hell they want.....


4 hours ago, TrickstaPriest said:

 

I don't really see this as a threat.

 

With the original Contract with America in 1994, the Republicans hadn't controlled the House of Representatives since 1958. And that meant they'd had no way of forcing legislation to come to the floor for a vote in almost 40 years.

 

So Gingrich and his followers came up with a list of 10 longstanding hobby-horse issues which they'd not been able to have an up-or-down vote on for longer than many of their voters had been alive. There was a VAST pent up demand which their voters wanted satisfied.

 

That isn't the case today, regardless of which issues go into the "contract". The Republicans have controlled the House on and off since 1994 and have had plenty of times to vote on whatever their little hearts desire. Their failure to pass legislation in recent years can be much more easily blamed on Republican infighting than on even Democrat opposition.

 

Now having said that, Gingrich was a savvy political operative back then and had had close to twenty years of work behind him to bring the Republican caucus together enough to promote his plan through the election.

 

This time, in contrast, he's having to convince a self-destructive orange clown to support a plan. The plan is going to have to be grandiose enough to appeal to a clown or the clown will toss it five minutes after he agrees to it. You can't pull together legislators and voters to support plans which are absurdly grandiose.

 

And you likely can't pull together legislators and voters to be wildly enthusiastic about policy initiatives which have been brought up over and over for the last couple of decades but have always failed to make it into law even when Republicans controlled the House, Senate, and presidency (which accurately describes the proposals mentioned in the article).

 

So in order to be successful, it seems to me that Gingrich would have to thread the needle in finding something grand enough to appeal to Trump and keep his attention for 1.5 years, something new, AND something that Republican voters have been desperately wanting forever.

 

< cue Mission Impossible music >


6 hours ago, archer said:

So in order to be successful, it seems to me that Gingrich would have to thread the needle in finding something grand enough to appeal to Trump and keep his attention for 1.5 years, something new, AND something that Republican voters have been desperately wanting forever.

 

The "something" you're looking for is the stolen 2020 presidential election.  That's how the GOP plans to override elections at the state level in 2024 (if not 2022).  They're already laying the groundwork with the election fraudits in Arizona and Georgia (so far) and direct legislative control over election certification in a number of other states.
