Information Security News mailing list archives
Re: Letter to the editor - Token effort on IT security
From: InfoSec News <isn () c4i org>
Date: Wed, 17 Apr 2002 02:23:27 -0500 (CDT)
Forwarded from: rferrell () texas net
Too many managers think that IT security is firewalls or intrusion-detection systems. It isn't. There are several others that are important, but you get the idea.
Here's another example of this mindset, related from personal experience: Imagine an NT/Win2K server farm of perhaps 20 boxes, at least six or seven of which are running IIS. Add to that eight Solaris servers, four of which are running Apache and in one case iPlanet as well. Now visualize Snort running on the Solaris side and ICECap on the Microsoft. Picture yourself being the one person responsible for security analysis/response for all these servers, keeping in mind that they're all .gov and therefore prime targets. Assume around 2,000 suspicious events per 24 hour period. Sound like a busy job? Guess what: senior management of the agency in question have dismissed the notion that security analysis is anything like a full-time job. They apparently feel that this can be dealt with in, at most, a couple of hours a day. I should add that the total technical infosec staff for this division of the agency is one. There are several people devoted to policy writing, but only one to actual security implementation, across all platforms. On the other hand, it's a vast improvement over a year ago. Anyone need a slightly (ab)used security analyst? ;-) RGF Robert G. Ferrell rferrell () texas net - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Letter to the editor - Token effort on IT security InfoSec News (Apr 16)
- <Possible follow-ups>
- RE: Letter to the editor - Token effort on IT security InfoSec News (Apr 17)
- Re: Letter to the editor - Token effort on IT security InfoSec News (Apr 17)
- RE: Letter to the editor - Token effort on IT security InfoSec News (Apr 18)