Kevin Beaver's Security Blog

$25 billion for information security gaffes?

What if the government could come running to protect us every time we or one of our colleagues made a bad security decision – intentional or not? Imagine:

• setting an Allow All rule in your firewall
• making all of your databases accessible via the Internet
• revoking any and all password policies
• never testing your systems for vulnerabilities

….or,

• avoiding data backups because, well, you just can…

Everything we do in life – every choice we make has consequences (well, almost)…Make a dumb mistake with information security and really bad things can happen: people have their identities stolen, employees get fired, businesses get fined – even entire companies go away. But make a dumb mistake by buying more house than you can afford or lending money to people who aren’t qualified and you get rewarded. Wow…

Well, I guess I was right in my other post about the housing bailout. This time it’s “only” $25 billion that the U.S. Taxpayers are having to fork over to bail out Fannie Mae and Freddie Mac – two agencies the government itself created…but what the heck. That’s what this country’s all about anyway: punish achievement and reward failure.

Funny how the politicians want to impose all these information security laws and regulations all the while they ignore the basic Rule of Law themselves. Shame on our so-called leaders.