Security Basics mailing list archives

Re: Basic Windows Security Question


From: Barrie Dempster <barrie () reboot-robot net>
Date: Tue, 12 Apr 2005 11:50:30 +0100

Dante Mercurio wrote:
> Since I didn't see it mentioned in the other replies, a product that
> can do this is:
> http://www.gfi.com/lanpsc/

In addition to the problems mentioned regarding the numerous workarounds
that users will find, I've found that with these kinds of issues a major
obstacle is management support. Upper management are the first ones to
make themselves exceptions, and the next thing you know the exception is
the rule and the restrictions don't apply to anyone.

This is true with almost any security policy; however, as the person
responsible for implementing and managing the security policy, you can
enforce it with most users. If your security policy (and security
measures) contain as much as possible to mitigate the risks involved with
data leaving the business systems, and a manager decides to circumvent
that, then it falls on their head and there is really very little you
can do about it. This should *by no means*, however, encourage you to
give up on the security policy completely. There will always be
exceptions to policy; as the security admin, however, you *must* be fully
aware of these and control them as much as possible.

If your main focus is to protect the business's assets, then as long as
you have a clearly defined policy and tested measures in place (in this
case the GFI product, security policies in Windows or physically
disabling devices), your other obligation is to ensure that everyone,
including management, has read the policy in place and understands the
implications.

However, since the managers in most cases have final sign-off on policy,
they should really have already sanctioned it.

I know that admins constantly struggle when implementing policy; this is
the whole point of having a policy-making process, however. The policy is
supposed to be a trade-off between best practice and the necessary
business functions. The security admin's role in this is to try to shift
the policy as close to best practice as possible.

--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

blog: http://zeedo.blogspot.com
site: http://www.bsrf.org.uk
CA: www.cacert.org

"He who hingeth aboot, getteth hee-haw" - Victor (Still Game)


