And in the latest “don’t store your passwords in the cloud” news, NortonLifeLock warns that hackers breached Password Manager accounts
@abucci@anthony.buc.ci Did you also see the recent Circle CI breach? 🤔
@abucci@anthony.buc.ci What really irks me is why anyone would ever trust a 3rd-party company/service at all with sensitive data (or really any data for that matter, but especially credentials) – not only is it impossibly hard to “secure”, but what incentives do they have to keep it secure from prying eyes in the first place? (even from themselves) 🤦♂️
@abucci@anthony.buc.ci ISO 27001 is basically the same. It means that there is management sign-off that a process to improve security is in place. Not that the system is secure. And ITIL is that management signs off that problems and incidents should have processes defined.
Though it’s a good mess of words you can throw around while saying “management supports this so X needs to get done”
@abucci@anthony.buc.ci Yeah, I have actually, it’s total bullshit. It’s not security at all; in fact, if you look carefully you’ll notice that those same companies usually use the words “we’re SOC 2 compliant”. It’s all about “compliance” and those fucking “checkboxes” 🤦♂️ compliance != security, policies/processes == (can) mean shit™
@jlj@twt.nfld.uk Yeah, welcome haha 🤣 Mate, our industry (IT) is a complete joke 😅
@abucci@anthony.buc.ci And as we both know, the processes (most of them?) are either old and outdated or suck completely. Something you learn in undergrad from a good professor (hopefully) is:
Security is not an afterthought.
Security is built in.