And in another shining display of barn-door closure after horses have exited, they are now looking at doing TRA's? Oh, and maybe they should do security education too? I certainly hope they are also looking at the obvious breakdown in IT services delivery as well. Written approval to put a new computer on the network? Okay, I can understand that the FBI might not want anyone wandering in with a new machine and getting access to their network, but c'mon people, there are systems to track this data flow! Hell there are even systems to automate the verification of the security and permissions of a machine. And really, if you have proper file permissions and encryption, and say, unused ports disabled, you'll go a hell of a way to making your network secure.
Do they have to make carbons of that written permission? I suppose it travels by inter-office mail courier as well.
It really makes me giggle. Some days when I think my employer has tipped way too far as far as process for security goes, I think 'hmm, wouldn't it be fun to go work in a nutty little company that doesn't know jack about security?' and I think I've just found the perfect candidate.