You're right, they aren't robots, they're overpaid tech writers that memorized just enough industry jargon and buzzwords to talk the talk without being able to walk the walk.
http://www.computerweekly.com/Articles/2010/03/25/240719/Sans-founder-slams-39terribly-damaging39-US-cyber-security.htm

SANS Institute founder Alan Paller had some comments about FISMA compliance and C&A professionals.

"[They] rewarded ineffective behavior and created a cadre of people who call themselves security professionals but who proudly admit they cannot implement security settings on systems and network devices or find a programming flaw," he said.

"Fisma had created and rewarded a culture of compliance rather than security," Paller said.

Federal and state governments were "radically short of money", but they were forced to spend it on reporting rather than security, he said.

"Writers who know how a few words about security and federal regulations now make 50% to 80% more money than the people who actually secure systems and networks and applications," he said.

"It is as if we paid the compliance staff at a hospital more than the surgeons."

He said the nation's attention should be on real-time monitoring of its information systems and networks to prevent or mitigate attacks as they happened.

"Oversight must be focused on the effectiveness of the agencies' real time defences," he said.

On Wed, Apr 7, 2010 at 2:52 PM, <valdis.kletni...@vt.edu> wrote:
> On Wed, 07 Apr 2010 11:31:28 PDT, J Roger said:
>
>> That's not entirely the case. Auditors aren't robots.
>
> Unfortunately, that's far too often not true. Internal audit departments
> in particular seem to accumulate people with no real clue, because they
> *don't* rely on passing the client in order to get the job again next year.
> They stay around for the next fiscal year by showing a pretty list with "See
> all the things we found wrong", not by "See all the creative solutions we
> looked at and decided were in fact OK".
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/