
You have a lot of faith that Big Balls hasn't been compromised. Because surely none of them are using their personal smartphones or laptops and are following strict access protocols. Seeing that they are so so careful with everything else they've been doing.

I feel like this is a bad episode of the Twilight Zone.






One of the more bizarre things with this whole saga is seeing people act as though the existing government employees are any different. People throwing out “vetted” like it means something meaningful.

No, “vetting” basically means they checked to see if you ever got caught embezzling money, or in the case of clearances, if you lied about committing any crimes (committing them is ok). They are regular people and getting them to abide by sensible IT policies is a giant nightmare and compliance is poor.

Heck, have people already forgotten Trump’s tax returns were leaked by politically motivated “vetted” people working for the IRS? Not the first time that happened either. And they didn’t even find anything interesting!


This is the guy you're equivocating with the average government employee: https://krebsonsecurity.com/2025/02/teen-on-musks-doge-team-...

"Had previously been fired from a job for leaking sensitive company data" tends to be the sort of thing that stops you from getting jobs where you work with extremely sensitive data.

Regular government employees only have access to the systems they need to do their job, so they are, in fact, different.

You don’t think anyone else has root?

Some systems protect against that. The philosophy behind IBM RACF is :《 A key security principle is the separation of duties between different users so that no one person has sufficient access privilege to perpetrate damaging fraud.》

> The philosophy behind IBM RACF is :《 A key security principle is the separation of duties between different users so that no one person has sufficient access privilege to perpetrate damaging fraud.》

I am so primed to parse emoticons eagerly that I thought that the philosophy was :《


I'm gonna go out on a limb and say no, not without first going through a change management process and going through a privileged session management system, except in the case of an emergency break-glass scenario where using those emergency creds throws all kinds of big DANGER alerts across the org if the access was unexpected. I can't speak to the Treasury and IRS specifically, but that's kinda standard across large orgs, especially ones that get audited regularly on their handling of sensitive data.

> No, “vetting” basically means they checked to see if you ever got caught embezzling money, or in the case of clearances, if you lied about committing any crimes (committing them is ok). They are regular people and getting them to abide by sensible IT policies is a giant nightmare and compliance is poor.

However little is involved in vetting, it's something that has been done for regular government employees and hasn't been done for these employees. I'd rather have minimal safeguards than none.


Not sure why what they found matters to your argument.


