Tuesday, February 23, 2010

ISACA Security Fail

You would think that an organization that prides itself on training the next generation of security specialists, auditors and risk management personnel would actually take a few notes from its own training and practice what it preaches.

Recently lbhuston had all of his contact and account information purged from the ISACA.ORG site. Was this because it was hacked? Was there a disagreement over training material? General fallout in personal relationships? No, it was none other than ISACA.ORG's practice of sending passwords via a plain text message. Their mitigation procedure is to ignore the gaping security hole and wait until they release a new site!!

Yes, that's right: the organization that works to set standards and train the future of the InfoSec community sees nothing wrong with waiting to fix a glaring security hole until they release their new site.

You can read more about this, along with lbhuston's comments, on his blog.

