Security Basics mailing list archives
RE: Security Simplification
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 21 Feb 2007 16:01:39 -0800
Security is a trade-off, money/effort against risk. Reading between the lines, your VP is saying that *his perception of* the current stance is that the money/effort is too great and he believes that it can be reduced without increasing risk past acceptable levels.

All of your current security measures SHOULD be aimed at mitigating some risk to the business. (Obviously, the first place to look for cuts is any measures that are not having this effect....) So you need to identify places where the mitigation being achieved is small, and confirm with him that the risk associated with discontinuing those measures is acceptable.

If you're lucky, you may find cases where some single measure can provide equivalent mitigation to what two or three measures are currently achieving. But it won't be an exact trade-off, because such gains in *efficiency* usually sacrifice *depth*.

It would help to know what part of the current security arrangements he finds too complex. There may be opportunities to shift some of the complexity between different constituencies, such as between users and sysadmins. What part of the picture is he most focussed on?

David Gillett
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of oligarchicalrule () gmail com
Sent: Wednesday, February 21, 2007 11:51 AM
To: security-basics () securityfocus com
Subject: Security Simplification

If you were told by a VP to simplify security for your organization, what do you think would be a starting point? It seems vague. We run Windows servers/desktops that are built on the same images. We use Cisco switches/routers/etc. I'm not really sure where to start.