
Ashley Madison self-assessments highlight security fears and failures

Steve Ragan | Aug. 21, 2015
Internal assessments highlight core concerns for company executives

Last June, executives and business leaders at Avid Life Media (ALM) responded to an internal Q&A addressing their strengths and fears. This assessment was leaked as part of the documents released by Impact Team this week, and offers a unique insight into how their executives think.

In July, the group demanded that ALM halt operations on the Ashley Madison and Established Men websites, warning the company that failure to do so would result in the release of more than 30GB of compromised records. On Tuesday, Impact Team made good on their threat.

The questions below are from a document titled Critical Success Factors. The author of the assessment form is unknown, but the questions asked were answered by each of the company's top executives.

Spoiler alert: They think like typical executives dealing with day-to-day operations at a large company. Security, while important, wasn't the top concern. The larger, operational issues were the priority. This isn't a shocking revelation. After all, security usually becomes a major factor for most organizations only after an incident has occurred.

However, there was a note in the document, with no name attached to it, that referenced an interesting set of problems the company faces. This suggests that on some levels the lack of security was understood, but based on the assessment form, there was a problem with resourcing.

"Notes: Large lack security awareness here. Password management. Tenuous level of review on partnerships. Lack of review on security measures."

Again, the questions below are from the self-assessment form shown to Salted Hash earlier today. The answers listed were provided by the named executive. Instead of reproducing the entire form, which we're unable to do, Salted Hash has produced the answers most related to IT/InfoSec.

Will you please tell me, in whatever order they come to mind, those things that you see as critical success factors in your job at this time?

Chris Western, QA Manager, ALM: Having enough skilled people to do test effectively. Need QA specialists who love automation (technically focused), enthusiastic about quality and QA. Half of QA staff wants to move to Dev, the other half lacking technical skills to do automation. Our ability to turn asks around and execute quickly (fluid QA process).

Trevor Sykes, CTO, ALM: Protection of personal information. Because we're a private company, endear our resources to us. Risk of turnover/business continuity. Disgruntlement in teams, need to be careful. More audit capabilities might mitigate this. Traceability. Retention/Motivation/Security concern (bad internal actors). Formalize process of continuous improvement. Heroics still a big factor, codifying full SDLC.

Knowledge sharing across the organization (not doing well enough). Transparency to the business. Meaningful information (not noise) so that the business can have confidence and know what they are paying for.

 
