exception handling

[don_berry at comcast.net (Don Berry)]

Paper? 

That way you have the signatures of the responsible managers on file. If an
exception that they allowed has a business impact, then they are on the hook
for it.

Don

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Mike Patterson
Sent: Monday, January 05, 2009 1:43 PM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] exception handling

Day 1 in my new security-type job, and I've run across a bunch of goo
left behind by the last guy.  He didn't, so far as I or anybody else can
tell, document exceptions he'd made to things like his scripts that
check snort logs to see if somebody's been sending out lots of smtp
traffic and so on.  ("So get something like squil going" I hear you
saying, yeah, fine, but meantime I need to get along with what we have now.)

For both this sort of thing and firewall policies, I'm wondering how
people track exceptions that are made, along with documentation
supporting the reasons why, and when the exception can be revoked?

Right now there's two of us with part time help sometimes maybe from a
few other staff members.  Money isn't *really* a problem, but hey, free
is always better, right?  Windows, Linux, Solaris, QNX, don't care what
it runs on.

TIA.

Mike
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com