If you’re interested in security, you really should subscribe to the semiweekly SANS Newsbites newsletter. The subscription is free except for the occasional email notifications of SANS courses and events. Each letter comprises a series of short (typically a paragraph or two) items about security issues.
The lastest edition (v. XVII, n 47) notes1 that in the wake of the OPM breach that exposed the personal information of potentially millions of federal employees, the White House has directed all federal agencies to immediately implement basic security measures such as keeping their patches up to date, using anti-virus products, and checking their logs. Really? This is 2015 and the President of the United States has to tell his agencies to perform the most basic security measures? What does it take to get fired?
One of the Newsbites editors gave the administration credit for doing something but most were incredulous that the government has spent billions of dollars on IT security in the last decade and is still telling its IT departments to do what “a high school freshman studying information security [would] suggest.”
Footnotes:
This report is the first item in the newsletter.