"And you didn't notice?" "No, we just assume that the Tax Stamp Buyer always buys stamps." "And who do they report to?" "Uh no one."
Think how much you can deduce about Equifax's security posture from the complaint that a single email getting not read enables this.
There is no ticketing system employed, because a ticketing system would (unlike email) show evidence of work being requested but not done.
There is no two-man rule for changes to critical systems, because that would produce another person with direct knowledge of this issue.
There is no culture of follow-through in the org, because the person reporting the vulnerability thought tossing over transom was "OK, done"
There is no centralized list, anywhere, of what software is deployed and what version it is. There is no process run against that list.
There are either no automated scans of deployed systems or they are severely deficient.
Management, up to and including the CEO, was aware of these deficiencies in controls and did not correct them, for years.
This is the sort of situation in which a Japanese CEO would resign while taking the blame for a lax managerial environment. That is correct.
Replying to @patio11
I don't envy much about the salaryman model, nor I believe do you, but this—this I do envy.
This is basically THE thing that I think traditionally managed Japanese companies are right about. Responsibility flows uphill, always.