Comments on: Pay it forward / Advice for the security admin and manager http://infosecplace.com/blog/2006/08/03/pay-it-forward-advice-for-the-security-admin-and-manager/ Commentary on the State of Information Security Sun, 10 Jan 2010 16:13:08 -0700 http://wordpress.org/?v=2.9.1 hourly 1 By: Anton on Security http://infosecplace.com/blog/2006/08/03/pay-it-forward-advice-for-the-security-admin-and-manager/comment-page-1/#comment-354 Anton on Security Fri, 11 Aug 2006 06:43:45 +0000 http://infosecplace.com/blog/2006/08/03/pay-it-forward-advice-for-the-security-admin-and-manager/#comment-354 <strong>Anton's Security Tip of the Week #1...</strong> Upon seeing folks giving security tips of the day on their blogs (like here, here, here ; SANS jumped in as well), I decided to follow along and join the initiative. One of the bloggers called it "pay it forward"...... Anton’s Security Tip of the Week #1…

Upon seeing folks giving security tips of the day on their blogs (like here, here, here ; SANS jumped in as well), I decided to follow along and join the initiative. One of the bloggers called it “pay it forward”……

]]> By: Mark Washington http://infosecplace.com/blog/2006/08/03/pay-it-forward-advice-for-the-security-admin-and-manager/comment-page-1/#comment-326 Mark Washington Mon, 07 Aug 2006 14:19:35 +0000 http://infosecplace.com/blog/2006/08/03/pay-it-forward-advice-for-the-security-admin-and-manager/#comment-326 I agree for the most part and I would like to add the following to your due diligence in procedures. There is a third part and it is enforcement. You can all the policies and procedures readily available to your user base, however if you do not enforcement that has "teeth" there is really no point on having a policy or procedure unless you are under some type of regulatory compliance. As an example the VA's stolen laptop fiasco. There was a break down in procedures and probably a breakdown on security awareness within the organization. However there was enforcement (probably because the whole mess went public), one could argue that the enforce was somewhat severe, but regardless it was enforcement. Due dilgience in policies and procedures is great, but without enforcement what is the point? Mark I agree for the most part and I would like to add the following to your due diligence in procedures. There is a third part and it is enforcement. You can all the policies and procedures readily available to your user base, however if you do not enforcement that has “teeth” there is really no point on having a policy or procedure unless you are under some type of regulatory compliance. As an example the VA’s stolen laptop fiasco. There was a break down in procedures and probably a breakdown on security awareness within the organization. However there was enforcement (probably because the whole mess went public), one could argue that the enforce was somewhat severe, but regardless it was enforcement. Due dilgience in policies and procedures is great, but without enforcement what is the point?

Mark

]]> By: Alan Shimel http://infosecplace.com/blog/2006/08/03/pay-it-forward-advice-for-the-security-admin-and-manager/comment-page-1/#comment-182 Alan Shimel Fri, 04 Aug 2006 05:54:29 +0000 http://infosecplace.com/blog/2006/08/03/pay-it-forward-advice-for-the-security-admin-and-manager/#comment-182 Michael - no offense taken that we are not as big as Cisco or some other shops. We just try harder ;-) Seriously, I am glad that at least we are calling you and asking for your business! Michael – no offense taken that we are not as big as Cisco or some other shops. We just try harder ;-) Seriously, I am glad that at least we are calling you and asking for your business!

]]> By: mcwresearch.com » Pay it forward: Know Your Network http://infosecplace.com/blog/2006/08/03/pay-it-forward-advice-for-the-security-admin-and-manager/comment-page-1/#comment-175 mcwresearch.com » Pay it forward: Know Your Network Thu, 03 Aug 2006 21:32:04 +0000 http://infosecplace.com/blog/2006/08/03/pay-it-forward-advice-for-the-security-admin-and-manager/#comment-175 [...] Michael Farnum at An Information Security Place posted a tip today about due diligence (my post today ties into ‘due diligence’ nicely). [...] [...] Michael Farnum at An Information Security Place posted a tip today about due diligence (my post today ties into ‘due diligence’ nicely). [...]

]]>