In my last post, I drew some comparisons between our personal health and our network health. I strongly believe that if we struggle to focus on the basics necessary to keep our own bodies healthy and alive, how can we possibly muster up the desire and fortitude to ensure our networks remain secure?
In essence, it’s my theory that you cannot secure what you don’t acknowledge. In preparing for a recent information security seminar, I was going back and reviewing the common findings I’ve uncovered in my security assessments over the past year. At a high level, every finding had these three characteristics:
Looking at more of the specifics, I see most networks having:
All of this and we wonder why we keep “coming down with the flu”.
I know most people are simply doing their best. Like a personal trainer will tell you, take things up a notch or two where you can. Stop living in a state of reaction. Stop letting your network complexity be a crutch – or a security blanket. Get on top of things – not only your network but also the threats and vulnerabilities that keep rearing their ugly heads. I strongly believe that if you focus on these basic challenges and are able to get them under control, you can have a healthy and secure network environment.
Healthy or sick, what’s it going to be? The choice is ultimately up to you.
About the author
Kevin Beaver is an information security consultant, expert witness, writer, and professional speaker with Atlanta-based Principle Logic, LLC. With over 25 years of experience in the industry, Kevin specializes in performing independent security assessments in order to help business executives understand the information risks that actually matter. He has authored/co-authored 11 books on information security including Hacking For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at www.principlelogic.com and you can follow him on Twitter at @kevinbeaver.