Social networks, local admins, unpatched software, missing USBs: the causes of security problems in your business are often not just the big stuff that tries to get inside the firewall, it's the little problems that are already on the inside. On October 13th at 16:00 BST/11:00 EDT, our latest live Regcast questions- Could your …
No offense intended
But "Securosis" sounds like an evil disease!
It wouldnt let me set the password "John"
My security experiences?
Well, the more information you share about your experiences the more risks you might be taking when the "bad guys" are having an eye on you ;-)
So I think I'll skip this one 8-)
A little more seriously; "The weakest link". And that will always be the end user. That is the thing to look out for. Especially since most of the time the user in question might not even realize what the risks of his or her actions are. OR they don't care, which is something you should always keep in the back of your mind as well.
Either way... You can't prepare for everything but IMO keeping an eye out for the weakest links in the whole infrastructure and keeping a backup plan in mind in case something does go completely wrong is most likely the best way to go.
IMO that works for both big as well as smaller environments.
However, in a lot of cases departments tend to think "big", often resulting in many people who will fall between the gaps so to speak. Exceptions will be made because "people can't do their jobs" and in the end you'll have more risks and probably also more expenses (time is money as well) to cover for.
While if you try to think "small" and work your way up you can most likely come up with a better solution which covers most aspects.
It might seem like way too much time when considering such plan of action, but IMO the end results will be better. Esp. since you most likely won't have to cope with a dozen of small exceptions every here and there.
My 2 cents on the matter.
Lumension are not a security company they are a hardware management company! Like saying BP are a car company, just because they do something vaguely related to it.
An outfit I used to work for had a very sophisticated security architecture that totally failed to realise that employees might use their laptops on the internet at home and then connect them to the intranet at work. All security by-passed!
- HALF A BILLION TERRORISTS: WhatsApp encrypts ALL its worldwide jabber
- HUMAN DNA 'will be FOUND ON MOON' – rocking boffin Brian Cox
- Bang! You're dead. Who gets your email, iTunes and Facebook?
- YOU are the threat: True confessions of real-life sysadmins
- Blackpool hotel 'fines' couple £100 for crap TripAdvisor review