Security Manager's Journal: Upgrading, and looking for the best we can afford
Several of the company's security technologies are reaching end of life. It's a new experience for our manager to be improving security measures instead of closing gaps.
Windows service accounts used by software are often given domain administrator rights, just because it's quick and easy. That sort of thing rubs security managers the wrong way.
Many accounts exist that aren't associated with individual people, and they've gotten out of control.
Employees come and employees go, but access rights tend to live on long after their departures.
Now that our manager has gotten approval to hire new staff, he can't find anyone eager for the good jobs he's offering. Is infosec management a bubble of prosperity?
The desktop group is pushing to abandon enterprise-class tools for built-in antivirus, firewall and encryption software from Microsoft. Is that any way to run a business?
When an infection can result from just calling up a mainstream website, malware becomes harder to battle.
They've improved, which raises some interesting possibilities for shoring up security defenses.
A managed security service might be the answer, our manager thinks.
With no budget, our manager has to devise a security awareness and training program on his own.
Our manager seeks a way to protect information on a network whose perimeter is blurring in the age of SaaS.
A flood of mobile devices into the enterprise is exhausting available licenses for mobile-device security. But there are great options available today that didn't exist two years ago.
In my last column, I talked about how time-consuming SOX compliance is for companies like mine. Unfortunately, it's about to get worse.
Today is the last day of the quarter in my company's financial calendar, and that means it's SOX time. I'm wrapping up four quarterly Sarbanes-Oxley Act controls that have to be completed by the end of the day -- reviewing security settings on our financial servers, reviewing the activities of system administrators on those servers, checking for inactive accounts that haven't been logged into in over 90 days, and checking the vulnerability report. SOX activities are remarkably time-consuming.
What do you do when your company's executives insist on special treatment that violates your security policy? This week, I ran into this problem.