Backups? We’re Government IT, We Don’t Need No Stinkin’ Backups…

Mr. Wayne.png

via Sean Gallagher’s superlative blog piece ensconced at Ars Technica, detailing the astoundingly blatant stupidity exhibited by Baltimore City’s IT Department during their recent ransomware episodes.

There is enough stupidity to spread around the Baltimore City information techonology landscape. One leg of the highly touted Information Security Benchmark Model Triad: Confidentiality, Integrity, and Availability was not met: Availability (include Integrity if you examine what became of the integrity of the data, which of course, is impactful of the Confidentiality of the data). Where were the security folks in this conflagration?

“In a report to a committee of the Baltimore City Council last week, City Auditor Josh Pasch said that the city’s Information Technology department could not provide any documentation of its work toward meeting agency performance goals because the only copies of that data were kept on local hard drives and never backed up to a server or the cloud.” – via Sean Gallagher in his blog post published at Ars Technica


*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.infosecurity.us/blog/2019/9/30/we-are-government-it-we-dont-need-no-stinkin-backupsar