Is it just me, or, has the whole world gone security-crazy?

[MailGuru]

There was a time, many moons ago, when our main focus was production. It didn't matter what you had to do, just get that job on truck.

Now, it seems the whole world has gone security crazy! We've just undergone 2 security-risk assessments and a system vulnerability and penetration test. We are required to be PI (personal identification) certified for the way we handle name and address data for our mail jobs. In order to keep several of our large accounts, we must have a independant 3rd party do a System Vulnerability and Penetration audit at least monthly. Just so you know, the initial audit costs around $2,000 and the monthly audits are $200/month

Today, I have a tour scheduled with a large health insurance provider. One of their first requirements to be selected as a vendor is that we are HIPPA/PHI (patient health information) certified by an independant auditor.

Geeze -- I long for the days of simply worrying about getting the job out the door !!

 

[buckeye]

Sounds a whole lot like the FSC requirements we have to go thru. Everybody has to have their hands in the pie.

-Erik

 

[D Ink Man]

The penetration test sounds very interesting. Why complain?

 

[buckeye]

The penetration test sounds very interesting. Why complain?

Good one D.

 

[gig0]

I usually attempt the penetration test in my significant other when theres downtime on weekends. True story.

 

[narseman]

I usually attempt the penetration test in my significant other when theres downtime on weekends. True story.

Fine if you're the penetrator. What if you're the penetratee?

 

[Peter.Ingersoll]

It's amazing how quickly forum discussions deteriorate. Anyway...

Keep in mind: Regulations aside, organizations are scared. While this is understandable to a degree, I've seen too many situations where the I.T. security guys have say over all. If that security group is only measured on successfully keeping an organization safe, then they can get in the way of business processes, work requirements, and efficiency.

I worked for a company that blocked access to all WordPress sites because WP = personal blog = something bad. I had to use my own iPad and cellular data to do simple research.

 

[D Ink Man]

It's amazing how quickly forum discussions deteriorate. Anyway...

Keep in mind: Regulations aside, organizations are scared. While this is understandable to a degree, I've seen too many situations where the I.T. security guys have say over all. If that security group is only measured on successfully keeping an organization safe, then they can get in the way of business processes, work requirements, and efficiency.

I worked for a company that blocked access to all WordPress sites because WP = personal blog = something bad. I had to use my own iPad and cellular data to do simple research.

It certainly is a shame when you First Amendment Rights are broken. D

 

[gig0]

I'm sorry, is Peter complaining because IT has blocked access to malware riddled web sites from his job?? Poor Peter. Perhaps before crucifying the IT guys he should know he can still access these blocked sites through proxies. This is how school children play MineCraft from school district routers.

 

[gig0]

Fine if you're the penetrator. What if you're the penetratee?

uh, divorce.

 

[Visualaid]

http://mashable.com/2013/03/22/apple-security-exploit/

 

[gig0]

yep. Updated that last night.

 

[Visualaid]

yep. Updated that last night.

what if you don't have another device or don't "do" the iphone

 

[gig0]

Not sure. This was kind of new to me and I was pretty surprised last night after reading the patch notes. On the surface, it seems like a pretty big exploit. Need to read into more details.