In our last post, we covered the Overall Assessment, which is largely a data gathering step. By now we should have a spreadsheet of potential projects, along with a WHOLE LOT more knowledge about the overall IT environment. We should understand the general flow of data, primary systems and integration points, overall network layout, and any existing policies. We should also have a good general understanding of vendor and staff skillsets. Next, we’ll build out the risk/impact prioritization – starting with the spreadsheet we created in our first step.
I’ve never worked on a SonicWall firewall, but we’ll be gaining one shortly. This weekend, we’re moving a data center from Vermont to PA and incorporating it into our existing data center. We have very little documentation — none really. So we don’t know the traffic requirements for the data center we are inheriting. The…
I used SquidGuard at my prior company and it was a fairly easy system to manage. However, my old company was a Linux shop and my current environment is heavily Microsoft-leaning. Can a rogue Linux server be implemented in this environment without wreaking havoc on our team?
Perhaps this has happened to you…
I was just starting to feel like I have control over the number of tasks I need to complete, when I get the following request from our quality group – there are 9 expired IT policies that need to be reviewed, revised, and approved. A quick review shows that some require a total rewrite.
I read about Hershey’s web site compromise in this morning’s paper: “Hacker targets Hershey recipe”, and couldn’t help but wonder, why? Why hack into a website, only to change a recipe involving chocolate? What’s the point? Clearly, there may be more to the story than we know. The movie-watching, suspicious part of me speculates that…
I worked on several Android projects during 2009, in conjunction with Albright College. These projects gave me an opportunity to learn about the Android OS first-hand and, I’ll admit it, it’s more fun than the typical integration projects I work on during my day job. So in March of 2010, when I saw “Malicious Android…
Recently I’ve seen many articles discussing the issue of tech-savvy users and their impact on the future role of the corporate IT/IS department. After all, why require an IT department, when users will simply implement and support their own gadgets? This is a valid argument, but it’s not new. Over the past 30 years working…
What’s the primary problem with social media security? A lack of security awareness among social media users. So many people use social media without thinking about the ramifications.
Banks hire 3rd-party vendors to perform PCI compliance scans against companies who process credit cards. I don’t have direct experience with the outsourcing side of this, having never hired an outside company for this purpose, but I’ve done plenty of vulnerability scans and risk assessments during my career. What I find interesting is that more…
I recently spent a weekend upgrading a Linux machine from RHEL 4.8 to RHEL 5.3. It was not a fun experience. First, we tried to do an in-place upgrade. Red Hat allows this, but recommends against it. The box rebooted fine, but Apache wouldn’t start up. During a call to Red Hat support (wonderfully friendly group, btw),…