As the de-facto CISO of our small company, I have today received a note that CISA has published a list of "bad practices" to avoid when running critical infrastructure (or other things):

1. Don't run terribly outdated stuff
2. Change default passwords

"This list is focused and does not include every possible inadvisable cybersecurity practice."


@drahflow I'm thinking both "too easy" (to riff on) and "everyone has to start somewhere".
