At the State entity I work for, I’ve been annoyed twice by blatant scam robocalls. I decided finally I would report them.
After looking around my intranet, I find out we have an information security office, which I think the law mandates all State entities have. So I call the hotline listed and get… this.
I now go and log in to the State telephone directory and try and look it up in my agency. I find a number for someone whose title sounds somewhat related to infosec, so I call John Doe. After a few rings, I get a message that “Richard Roe is out of the office.” I hang up.
I can call the head of my entity (one grade lower than the Governor), but not the ISO.
I do spot, however, a number for “information” and call it.
I immediately get a person. I ask for information security. She asks me if I mean the people down at the lobby who check people coming in and provide directions (“Information/Security”, but not “Information Security”). I tell her no, and she immediately almost snaps at me, asking me “who DO I want, then?”
I ask for the people I should report a security breach to. A pause. “There aren’t many people on the floor here…”
“Should I call back tomorrow?”
“Yes, during normal business hours, like 9 to 3.”
“OK” – I hang up. Now, the State’s standard workday is 8 am to 4 pm, so I’m not sure where she’s getting her hours from. VRWS maybe?
Even if I do eventually get to where I need to be, this outdated information on our intranet should be corrected or purged.