Security Basics mailing list archives
Re: Administrators security training
From: p1g <killfactory () gmail com>
Date: Mon, 6 Oct 2008 20:47:59 -0400
S0h0us,

Check out some of the state gov websites. A lot of states post their security policies and other help documents. These documents may give you a good starting point. Sounds like you are on the right track. End user awareness training is a must.

p1g

On Mon, Oct 6, 2008 at 12:11 PM, <s0h0us () yahoo com> wrote:
As ISO I put together training material as part of security awareness for staff and customers. I am in the process of creating an information security training presentation for individuals, outside the IT department, who have administrative responsibilities for internal applications and web portals. (don't ask)

These are not necessarily extremely technical people, so it is a high level presentation that will require some additional support from IT staff as well.

Below is a list of topics I'm planning on covering. Any others you can suggest would be greatly appreciated:

- General responsibilities as an admin (privileged access, become familiar with security controls, stronger requirements for account passwords and expirations, point out application weaknesses and suggest ways to mitigate)
- How to perform entitlement reviews (identify users and "need to know", periodic review of users, minimize number of admin users, etc.)
- How to review reports and application logs
- Documentation/procedures for creating, deleting, and modifying accounts

I have also developed a checklist that includes questions like: is the application accessible from non private networks, password and account requirements, bcp documentation, backup of data, dormant account reviews, session timeouts, etc.

Thanks for the feedback.

Happy security awareness month!!
--
-p1g
SnortCP, ESSE-D, C|HFI, TNCP, TECP, NACP, A+, whatever..

,,__
o" )~ oink oink
' ' ' '

If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke