[nsp-sec] what to do when a muni doesn't take a potential breach seriously
Chris Morrow
morrowc at ops-netman.net
Tue Aug 2 21:42:46 EDT 2011
On 08/02/11 19:09, John Brown wrote:
> ----------- nsp-security Confidential --------
>
> Any thoughts on how one should handle when a Muni's purchasing
> department doesn't take a potential security / data breach
> serious???
>
> Who would be best to contact ??
press?
the city CIO/CSO? The vendors/respondents themselves?
The press is the obvious dick-move, the victims here are probably more
likely to walk over with a cluebat, especially if you ship them all all
of the content: "Hey, just so you know, this rar file of crap was
available... I think it's got data from you and your 3 biggest
competitors in it, maybe you ought to chat with clue-challenged at muni.gov?"
> The data in question is all RFP's, vendor data, and other data that
> affects the award of a RFP/RFQ. Including if a potential RFP
> respondent acted in a timely manner and executed the shrink wrap /
> click wrap agreements relating to an RFP.
>
>
>
>
> _______________________________________________ nsp-security mailing
> list nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
More information about the nsp-security
mailing list