Click here to visit Original posting
This organization's IT security officer leaves and isn't replaced. "A year and a half goes by and the organization suffers a web page defacement," says a pilot fish on the scene. "During the course of the remediation, another server that has a couple of Trojans on it is found."
That's not really a big surprise. Since the infosec guy's departure, the CIO has repeatedly demanded that ports be opened in the firewall, external connections be made to servers bypassing the firewall and servers in the DMZ be connected to internal servers.
The support manager objects every time -- and is always overruled.
"Worse, support isn't part of the process of selection or meetings with potential vendors for the new web services," fish says. "Support only finds out about the requirements when they are directed to create the holes."