Fausto Oliveira, principal security architect at Acceptto, told Threatpost that Wyden is “quite right” in asking why standard security practices in the industry are not being adopted by the CIA.
“Based on the findings of the report, it appears that there was a lack of IT and cybersecurity governance that led to a lax adoption of security controls,” he said. “It is not an operational matter, it is a matter of the agency’s management not setting the right goals to manage the risks associated with operating an organization, specifically an organization that is a desirable target for all kinds of attackers.”
Read the article on ThreatPost
