Security Basics mailing list archives

Re: Administrators security training


From: p1g <killfactory () gmail com>
Date: Mon, 6 Oct 2008 20:47:59 -0400

S0h0us,
Check out some of the state gov websites. A lot of states post their
security policies and other help documents.
These document may give you a good starting point.

sounds like you are on the right track. End user awareness training is a must.

p1g

On Mon, Oct 6, 2008 at 12:11 PM,  <s0h0us () yahoo com> wrote:
As ISO I put together training material as part of security awareness for staff and customers. I am in the process of 
creating an information security training presentation for individuals, outside the IT department, who have 
administrative responsibilities for internal applications and web portals. (don't ask) These are not necessarily 
extremely technical people, so it is a high level presentation that will require some additional support from IT 
staff as well. Below is a list of topics I'm planning on covering. Any others you can suggest would be greatly 
appreciated:

General responsibilities as an admin (privileged access, become familiar with security controls, stronger 
requirements for account passwords and expirations, point out application weaknesses and suggest ways to mitigate)
How to perform entitlement reviews (identify users and "need to know", periodic review of users, minimize number of 
admin users, etc.)
How to review reports and application logs
Documentation/procedures for creating, deleting, and modifying accounts
I have also developed a checklist that includes questions like: is the application accessible from non-private 
networks, password and account requirements, BCP documentation, backup of data, dormant account reviews, session 
timeouts, etc.

thanks for the feedback
happy security awareness month!!





-- 
-p1g
SnortCP, ESSE-D, C|HFI, TNCP, TECP, NACP, A+, whatever..
  ,,__
o"     )~  oink oink
   ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
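The quoted message asks how non-IT application admins should perform entitlement reviews and dormant-account reviews. The script below is an added example, not part of either post and not from any product the thread mentions: it runs the three checks the list describes (dormant accounts, accounts with no recorded "need to know", and more admin accounts than policy allows) over a constructed sample user export. The field names, the 90-day dormancy threshold and the two-admin cap are assumptions chosen for illustration; an admin would substitute the values from their own policy.

```python
"""Entitlement / dormant-account review helper.

Added example (not from the original mailing-list post). The account
records below are constructed sample data; the field names, thresholds
and role names are assumptions chosen for illustration.
"""
from datetime import date, timedelta

# Constructed sample export, as an application admin might pull from a
# user-management screen: one record per account.
ACCOUNTS = [
    {"user": "alice", "role": "admin", "last_login": "2008-10-01", "justification": "app owner"},
    {"user": "bob",   "role": "admin", "last_login": "2008-03-15", "justification": ""},
    {"user": "carol", "role": "user",  "last_login": "2008-09-28", "justification": "AP clerk"},
    {"user": "dave",  "role": "user",  "last_login": None,         "justification": "contractor"},
    {"user": "erin",  "role": "admin", "last_login": "2008-09-30", "justification": "backup admin"},
]

DORMANT_DAYS = 90   # assumption: no login in 90 days (or never) => dormant
MAX_ADMINS = 2      # assumption: policy cap on privileged accounts


def _last_used(acct):
    """Last login as a date; accounts that never logged in sort first."""
    return date.fromisoformat(acct["last_login"]) if acct["last_login"] else date.min


def review(accounts, today, dormant_days=DORMANT_DAYS, max_admins=MAX_ADMINS):
    """Return findings keyed by check name.

    today is an ISO date string ("YYYY-MM-DD").
    - dormant:      last login older than dormant_days, or no login recorded
    - unjustified:  no business need ("need to know") recorded for the account
    - admin_excess: admin accounts beyond max_admins, least-recently used first,
                    i.e. the first candidates to demote when minimizing admins
    """
    cutoff = date.fromisoformat(today) - timedelta(days=dormant_days)
    findings = {"dormant": [], "unjustified": [], "admin_excess": []}

    for acct in accounts:
        if _last_used(acct) < cutoff:
            findings["dormant"].append(acct["user"])
        if not acct["justification"].strip():
            findings["unjustified"].append(acct["user"])

    admins = sorted((a for a in accounts if a["role"] == "admin"), key=_last_used)
    if len(admins) > max_admins:
        findings["admin_excess"] = [a["user"] for a in admins[: len(admins) - max_admins]]

    return findings


if __name__ == "__main__":
    for check, users in review(ACCOUNTS, "2008-10-06").items():
        print(f"{check}: {', '.join(users) or 'none'}")
```

Run against the sample data with a review date of 2008-10-06, it flags bob and dave as dormant, bob as having no recorded justification, and bob as the first admin to demote; each finding maps directly to one of the checklist questions in the quoted message, which is the point of turning the list into a repeatable procedure rather than a one-off slide.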

