Expecting better (from a CISSP)

I manage IT operations for a pretty large organization. As it should be, the guy who does oversight on IT Security doesn't report to me, but we do a lot of collaboration. The guy is also a CISSP.

So he comes up waving a printed email stating that his admin account was going to be disabled and wanted to know what the problem was. I looked at the email and saw the following just in the printout:
  • Address was from "", not our organization.
  • There was a link to a ".gr" domain (there was no HTML tagging to obfuscate the link destination in the printout). My organization has a presence in Greece but no IT/web infrastructure.
The guy was going on about "this is what I got when I scanned a document on your digital sender. I think that thing has been compromised."

When I asked him when he scanned the document that generated the email, he stated "just a few minutes ago". Looking at the printed document, the email he printed was received the week before.

The guy was seriously worked up; he wasn't trying to punk me. It turns out that he had gone into his junk mail to see if he had missed something. He then walked away, came back, and had forgotten he was there as opposed to his inbox.

My response was that I expected better from someone with a CISSP. Don't be this guy. If you're going to be the security person, be thoroughly engaged in being the IT security person.

This post first appeared on Recent Blogs Posts - IT Certificatio, please read the original post: here
