Security Basics mailing list archives

Re: Oh Dear, Where to start?!


From: "Bill Hardstone" <rhardstone () eudoramail com>
Date: Thu, 26 Jun 2003 13:02:41 -0400

If I were to start on this assignment, I would do the following.


1. Write up a risk assessment
2. Develop plan of action documents based on templates from the SANS website
3. Develop a good working relationship with someone in senior management and get their buy-in on this. (You might have heard this… “policy without teeth is not a policy after all”)

The third step is the most important one; if I were not able to get management buy-in, it doesn’t matter how good the plan
that I have proposed is and what vulnerabilities it is uncovering. It would probably become another plan on the shelf and
will probably never be implemented.

On a side note, the timeframe for this engagement is very small and, to make things complicated, you will most likely
receive heavy resistance on this from every level of the organization (sorry, I don’t mean to discourage you), but my
experience is that people in the public sector are the hardest to get to accept change, especially from an outsider.

I really liked the analogy of a military commander in a hot DMZ… that Christopher Meidinge sketched in one of the postings
I just saw… I think you are right in the middle on this one.

Good luck, Steve 

My 0.2 Canadian cents

Bill


