There is no centralized list, anywhere, of what software is deployed and what version it is. There is no process run against that list.
-
-
You would hope that a company with critical information would have wargamed out breach scenarios years ago and put in layers of defense.
Show this thread -
"OK, if they pop a server, what do we do?" "An alarm is raised; we push the Madagascar button." "The what?" "Shut. Down. Everything."
Show this thread -
I will bet at 100 to 1 odds that Equifax has no Madagascar button, the utility of which is obvious years before any particular breach.
Show this thread -
I would also bet that Equifax did not think of the question "Who has the authority to push the Big Red Button?", which serious orgs do.
Show this thread -
Here's another win for Japanese mgmt (we do get *some* things right): https://en.wikipedia.org/wiki/Andon_(manufacturing) … Literally anyone can push the Big Red Button.
Show this thread -
There is a large car company that you're aware of which begins its training about Big Red Buttons with reasons why janitors have pushed it.
Show this thread -
"But why would you let a janitor cost the company millions of dollars?" Because we made a considered decision about tolerances and quality.
Show this thread -
Equifax has apparently not made that considered decision, which is the same thing as making a considered decision... they chose this outcome
Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.