Community Champion

Community Site Security?

@david-shearer  @amandavanceISC2 this Community site needs some love and attention to when it comes to security. In particular, it is missing several "security headers". The site gets a failing grade of "D" [report here]. In comparison the isc2.org site gets a grade of A [report here].
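As an added illustration of the kind of check such a header scan performs (example code written for this thread, not a tool from the community site or the linked scan service), the following Python evaluates a response's headers against a set of commonly expected security headers. The header list, the value checks and the letter-grade scale are assumptions made for the example, and both sample responses are constructed rather than captured from any site.

```python
# Added example: offline security-header check. The header set, value
# checks and grade scale are assumptions, not the linked scanner's rules.
import re

def _hsts_ok(value):
    # Require a max-age of at least one year, as HSTS preload lists expect.
    m = re.search(r"max-age=(\d+)", value, re.I)
    return bool(m) and int(m.group(1)) >= 31536000

# Header name (lower-case) -> predicate saying whether its value is acceptable.
EXPECTED = {
    "strict-transport-security": _hsts_ok,
    "content-security-policy": lambda v: "default-src" in v or "script-src" in v,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "referrer-policy": lambda v: v.strip().lower() in (
        "no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin"),
    "permissions-policy": lambda v: v.strip() != "",
}

def check_headers(headers):
    """Return (missing, weak): names absent entirely, and names present with a bad value."""
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    missing = [h for h in EXPECTED if h not in lower]
    weak = [h for h in EXPECTED if h in lower and not EXPECTED[h](lower[h])]
    return missing, weak

def grade(headers):
    """Letter grade on an assumed scale: one step down per missing or weak header."""
    missing, weak = check_headers(headers)
    return "ABCDEF"[min(len(missing) + len(weak), 5)]

# Constructed sample responses; not captured from any real site.
WEAK_SITE = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
HARDENED_SITE = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "geolocation=(), camera=(), microphone=()",
}
```

Running `check_headers(WEAK_SITE)` reports HSTS, CSP and Permissions-Policy as missing and `grade(WEAK_SITE)` returns "D" on this assumed scale, while the hardened set grades "A"; a present-but-weak header (for example an HSTS max-age of a few minutes) is reported separately from a missing one.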

12 Replies
(ISC)² Former Staff

Re: Community Site Security?

Hello @AppDefects,

Thank you for bringing this to our attention. We will have our security team review this information.

Samantha O'Connor
(ISC)² Online Community Manager
Community Champion

Re: Community Site Security?

Need to take these types of scans with a grain of salt; they typically don't mean a whole lot.

Go scan dhs.gov, whitehouse.gov, etc.

Bottom line, I don't think we need to spend time and money on meeting these scans. Of course the overall security measures need to be in place, but not necessarily spending effort chasing some academic security standards.

JMHO,

____________________________________
Chuxing Chen, Ph.D., CISSP, PMP
Community Champion

Re: Community Site Security?

If that site provides a reliable assessment this is certainly an embarrassment for (ISC)2.

Assuming the community site is still being 'developed' --- like I said in another post, it's like they employed the waterfall model, but re-ordered the phases --- perhaps we'll see this attended to shortly.

(I seem to be feeling over-optimistic today --- could have been something I ate... Man LOL)

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Community Champion

Re: Community Site Security?


@Chuxing wrote:

these types of scans, they typically don't mean a whole lot.


Unfortunately, we hear (la, la, la, la, la, not listening to you) a lot until something happens. Then it is on record that management knew about it and maybe they didn't do anything about it because someone told them not to. I wouldn't want to be in that position. I take AppSec very seriously. That is why I showed the comparison between sites and the differences in grades. Why should social media sites be a <blank>. The organization has a responsibility to protect your data and mine.