Some users astound me with their complete stupidity. I wonder at their ability to walk and breathe at the same time. Their utter incompetence is only overshadowed by their complete lack of concern for the personal lives of the I.T. staff.
I'd like to again recommend a special internet for these people. One where updates are only allowed temporarily, with the whole thing reset to proper working order every day at 4am from backup.
Anyway, when someone decides to put a user in charge of something, often this results in weird things.
In a standard security scan, findings are categorized by severity level. There are high, medium, low and informational findings.
The first three are pretty straightforward. The severity dictates how quickly the issue needs to be resolved.
With informational findings, there generally isn't any action to be taken.
This is stuff like "The scanning account has rights to read security settings" and "Windows Server 2003 is installed". I could, technically, fix either of these things, but not without pissing off a lot of people.
Generally, informational findings can be ignored. It is just data the scanner picked up in the course of the scan.
Except when a user gets involved at a high level.
Apparently, the guy dealing with the auditors last year was tired of seeing the same informational findings turn up year after year. He decided to ask the auditor to change the severity level on all informational findings to low, medium or high to make sure that the I.T. people would act on them. This modified report was submitted in that way, and getting a finding which is categorized as low, medium or high pulled out of an officially submitted report requires an act of congress. What I mean to say is that since the systems in question contain health records of current military personnel, it literally requires an act of congress.
From what I understand, congress is a little busy at the moment, so I have to submit crazy detailed paperwork on something like 14000 findings which should, in reality, be all but ignored.
And this, dear internetz, is why users should never ever be put in charge of anything important or given access to anything with more processing power than an Etch-a-Sketch.
It is also another item on my ever-growing list of reasons why I hate them. So hard. In the face.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment