PaulDotCom mailing list archives
Visible Ops - Is it worth investing in?
From: rgula at tenablesecurity.com (Ron Gula)
Date: Tue, 12 Jan 2010 09:58:23 -0500
On 1/12/2010 9:01 AM, Monkey Daemon wrote:
I have a friend who is interested in investigating "visible ops" however he's having a real issue getting anyone in the organisation to accept a proposal for a change management system, never mind a culture change towards a new way of doing things. Does anyone have any experience of using Visible Ops that I might be able to pass on to him in order that he can sell this (or another improved way of working) to his managment team?
This sort of conversation comes up a lot at the IANS forums Tenable participates with. I hear end users all the time ask for tips on how to get buy-in for change management, standard builds, executive governance, .etc. It has many different names. In the face of non-believers, my advice is as follows: - Use whatever regulations your organization MUST comply with as a starting point. For example, I've seen pristine PCI server farms yet the CEO's desktop has a random configuration. Use what is working elsewhere to fix things that are broken. - Show how you can save money. A big principal of Visible Ops is that controling change also tends to control when you have bugs or outages. Keep in mind that saving money could mean lowering the number of people working in IT, lowering the number of help desk calls, .etc. I speak a lot about this sort of stuff, and use the slant of log analysis, configuration auditing and vulnerability scanning as a view into how the IT management process works. Some of these are online: Winning at the Compliance Game https://www1.gotomeeting.com/register/706770928 (requires an email address) If you want a specific view on Visible Ops, I wrote a paper on how vuln scanning and network monitoring can help map into this process which is here: http://www.nessus.org/whitepapers/tenable_and_visible_ops.pdf -- Ron Gula, CEO Tenable Network Security
Current thread:
- Visible Ops - Is it worth investing in? Monkey Daemon (Jan 12)
- Visible Ops - Is it worth investing in? Ron Gula (Jan 12)
- Visible Ops - Is it worth investing in? Monkey Daemon (Jan 12)
- Visible Ops - Is it worth investing in? Ron Gula (Jan 12)