Making Security an Enabler

#1. Biggest challenge: Explaining to the boss why security is important. Most users see security as an obstacle to their work, and poorly planned security measures certainly can be. It is important to make the boss understand the potential cost and probability of an incident that hasn't happened yet. Security allows users to do their jobs because their data is safe, and that's a tough one to make users understand.

#2. User compliance. You can tell them what they should and shouldn't do, but it's tough to enforce. Our users did things they knew they shouldn't, because the boss wouldn't do anything to them after they were caught.

#3. Staff training. I haven't seen many organizations where the security guy didn't spend part of his time as the computer-fix-it guy. That's okay, but it means he won't be as good at either job, and that means risk on the security side.

#4. Policies. Your policies have to be clear and specific, but also reasonably short. If they're too long, nobody will read them, and if they're too complicated, nobody will understand them. Get the lawyers to review them, to ensure you'll be able to enforce (or ask the boss to enforce) the policy when someone breaks it.

#5. Tools. There are some great tools out there. Some are easier to use than others, and they're all expensive. We couldn't figure out SMS, so we bought Intel LANDesk to remotely manage our clients. We got our hands on a demo copy of ISS RealSecure, which allowed us to show the boss that we were under attack. He let us buy the real thing for real-time automated response, and ISS Internet Scanner for proactive assessment & inspections. There are other tools out there which do similar things, but I can't imagine getting the job done without such tools, and the resources to train with them.

Don