Security's Everyman

Tuesday, November 28, 2006

Did you forget something?

I hope everyone had a great Thanksgiving and got plenty of rest for the year-end nightmare that we call IT Security. I know for me it's gonna be a wild, fast ride. has a pretty interesting article, The 10 Most Overlooked Aspects of Security. It also fits pretty well with my post last week, What I Worry About. Most of it is common-sense stuff that is often overlooked, either by accident or by someone who is inexperienced or lazy, but it's good to be reminded from time to time about things that can slip past our radar. One of the things that I like about this article is that each of the 10 items has a page to itself with a little more detail and even some tips on how to prevent these problems and reduce their impact. It's not a thesis on security, but it's pretty good reading to keep you on your toes.

1 comment:

LonerVamp said...

I may have said it before on here, but I'm not surprised either by that list, or by those items. While lots of people can be good desktop jockeys or even work on servers passably, it takes a more experienced breed to hit some of those items (or money to afford appliances or software). Typically, I think the "breed" wins out and open source can trump spendy appliances that go out of style all too quickly.

For instance, analysing security log files takes either money spent or someone who is good with a little bit of coding and utilizing of their knowledge and tools. The same can go with utilizing some built-in security functions (the more advanced stuff), and even encryption until this becomes more transparent to the users.

I like how some of those items are very much in the managerial or even human resources realm. Background checks and outsourcing are typically beyond the scope of geeks like myself, even if we have good ideas and help support those endeavors. Likewise, we can't do much about home user systems unless we have mgmt backing and policy. Secure development is the same way... even if a shop has a solid development methodology (many don't).

That's a really cool list though, as it hits on some of the very painful and hard realities that security is not just a technical problem worked on by some black-shirt-wearing mysterious pony-tailed guy in the back room who has 20d-sided dice in his car window. :)

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.