One chestnut from my history in lottery game development:

While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.

Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.

  • GreenBottles
    link
    161 year ago

    I got to say after reading a couple stories here I can understand the frustrations and some very legitimate stories here make a lot of sense in the context of it teams fucking up. but I also think there’s a lot of ignorance about what people are actually trying to accomplish in some of these stories as somebody that does it security and a lot of compliance work sometimes we’re doing these things because we have to not so much that we want to.

    • shastaxc
      link
      fedilink
      191 year ago

      Doesn’t matter to the end user whose fault it is. The spirit of this discussion is what was done to make your life harder. If you want to, go ahead and read it as “IT workers, what stupid things were you mandated to do that made your workers jobs harder?” The end user doesn’t know why a thing happens, just that IT did it. They’ll complain to IT and if it’s not their fault, it’s their responsibility to push back on whoever is calling these shots. The idiot in charge won’t know any better unless he’s called out on his bullshit.

      • GreenBottles
        link
        81 year ago

        I understand, I often have to explain to large groups of people why we make the choices we make as a security team and it’s not always a very popular thing I make a lot of people upset because security and convenience don’t really work well together.