I found this article rather shocking. Our nation's financial institution had potentially 87% of the servers on its network that were not listed in its update and patch database. Apparently, 1,150 of the servers in use were potentially being used for unauthorized activities. With an institution as large and as well funded as the IRS, one would tend to think its security standards and practices would be, at a minimum, up to par with security standards. This article illustrates exactly the opposite. It further proves the need for organizations to have procedures in place for allowing access to their networks. Whether it is device-specific or IP-specific, there need to be standards, policies and procedures in place so that when an employee needs to add a device, it goes through the proper channel not only to get cleared against security standards, but also to be added as an asset to either the inventory or the employee's profile. Here again lies the struggle between our thirst for convenient technology and the need to keep our information secure.
Reference: http://www.nextgov.com/nextgov/ng_20080904_3324.php