Re: So there are people out there looking for these systems with the tools to do damage.
While I conceive that protecting these systems is just good business practice (aka. "Striving for Excellence" in a Total Quality Management program), please do explain why "board level staff" should "do time" when the recommended quality assurance processes are not in place or handled well.
If your arse depends on these systems being locked down, why -- you know how to order up audits, dontcha?
And then we have the "gov't owned" stuff letting it all hang out. What you gonna do about it? Probably wait until horse bolted, then slap on the wrist, then more money injections.