Home page logo
/

basics logo Security Basics mailing list archives

RE: Security Simplification
From: "Donald N. Kenepp" <don () videon-central com>
Date: Wed, 21 Feb 2007 17:13:52 -0500

Hi,

  That does sound vague.  You should definitely ask for clarification before
proceeding.

  Your VP may be coming from a user standpoint; most users want security to
be invisible.  What can you do to maintain good security, but make security
measures affect users less?

    How do users log in?  Are there multiple different passwords they have
to remember for various systems?  Could you look at single sign on?

    Could you consolidate various security measures to a suite solution?

    Do users ever get security alerts where they have to respond to a yes or
no question?

    Do users or customers ever have problems working due to security
measures?

    Do users back up data on their own, or is there an automated backup?

  Your VP may be coming from a strategic standpoint; how can you consolidate
and simplify company security measures?
  
    Do you push security updates from a central server?

    Do you consolidate logs and alerts on a central server?

    Are there services to outsource or bring back in house that would
simplify security?

    Are there outdated systems and services that could be updated or
eliminated?

    Are there outdated policies or procedures in place?

  Not everything in the quick list above will be productive, economical, or
feasible in your environment, but perhaps it is a start.  Again, asking for
clarification will help solidify your actual goals.  Your VP may want some
ideas, or they may actually have a single pet peeve that they want you to
change.

  Sincerely,
    Donald

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of oligarchicalrule () gmail com
Sent: Wednesday, February 21, 2007 2:51 PM
To: security-basics () securityfocus com
Subject: Security Simplification

If you were told by a VP to simplify security for your organization, what
you think would be a starting point?  It's seems vague.  We run Windows
servers/desktops that are built on the same images.  We use Cisco
switches/routers/etc.  I'm not really sure where to start.




---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse.  Arm your 
enterprise with BigFix, the single converged IT security and operations 
engine. BigFix enables continuous discovery, assessment, remediation, 
and enforcement for complex and distributed IT environments in real-time 
from a single console.
Think what's next. Think BigFix. 

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]