Security Basics mailing list archives
Re: Basic Windows Security Question
From: Barrie Dempster <barrie () reboot-robot net>
Date: Tue, 12 Apr 2005 11:50:30 +0100
Dante Mercurio wrote:
Since I didn't see it mentioned in the other replies but a product that can do this is: http://www.gfi.com/lanpsc/ In addition to the problems mentioned regarding numerous workarounds that users will find, I've found with these kinds of issues a major obstacle is management support. Upper management are the first ones to make themselves exceptions and then next thing you know the exception is the rule and the restrictions don't apply to anyone.
This is true with almost any security policy, however as the person responsible for implementing and managing the security policy, you can enforce it with most users. If your security policy (and security measures) contain as much as possible to mitigate risks involved with data leaving the business systems and a manager decides to circumvent that, this then falls on their head and there is really very little you can do about that.

This should *by no means* however encourage you to give up on the security policy completely, there will always be exceptions to policy, as the security admin however you *must* be fully aware of these and control them as much as possible.

If your main focus is to protect the business's assets then as long as you have clearly defined policy and tested measures in place (in this case the GFI product, security policies in Windows or physically disabling devices) your other obligation is to ensure that everyone including management have read the policy in place and understand the implications. However since the managers in most cases have final sign off on policy, they should really have already sanctioned it.

I know that admins constantly struggle when implementing policy, this is the whole point of having a policy making process however. The policy is supposed to be a trade-off between the best practice and the necessary business functions. The security admin's role in this is to try to shift the policy as close to the best practice as possible.

--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
blog: http://zeedo.blogspot.com
site: http://www.bsrf.org.uk
CA: www.cacert.org
"He who hingeth aboot, getteth hee-haw" - Victor (Still Game)