rslade
Influencer II

Background checks? We don' need no background checks ...

In Florida (which, you will recall, had recent mass shootings such as at the Stoneman Douglas High School and the Pulse nightclub) more than a year went by in which the state approved gun carry licence applications without carrying out background checks.  The reason? An employee couldn't remember her login for the check system.  So she just didn't check.

 

I am reminded of a situation where sales and marketing was supposed to carry out virus scans before they installed our product.  They had previously been using an inferior product and I mandated that they use a more accurate product.  At one point a machine was brought in as a problem.  First step in my process was to scan the machine, and, sure enough, it was infected.

"Did you scan it?"

"Yes."

"Did you use the right scanner?"

"Well, no, we used the old one."

"Why did you use the old scanner, when I've specified that you have to use the new one?"

"Well, when we use the one you told us to, it finds viruses ..."


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
2 Replies
CISOScott
Community Champion


@rslade wrote:

 

"Well, when we use the one you told us to, it finds viruses ..."


Yes, the peril of being a good security person. When you find threats and insecurities they like you, until you shut off their USB ports, block auto forwarding of emails, etc.

Then you become "that" guy/gal.............

Beads
Advocate I

Don't know what to say other than it's always a good idea to scan with two distinctly different A/V engines. When I have Trend Micro installed I use F-Secure or Symantec or McAfee or whomever as a separate control. Your controls were bypassed because you made a suggestion, not a policy, from the get go. This needs to be a policy level argument, otherwise your end-user simply made an excuse for you to choke. Well... someone is going to choke on this, might as well be the end-user.

 

Something similar happened to me here where I had someone bypass the A/V by deleting the .exe on a machine more than sufficiently protected from 3rd party media, booting or software load. No, my person injected code into the .exe to destroy it. Smart. So smart that I wrote a policy indicating my displeasure with circumventing security controls.