More stuff for the resume. Plan well, budget appropriately, live long and prosper.
* * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Thu, Jan 26, 2012 at 9:45 AM, [email protected] <[email protected]> wrote: > NCUA.**** > > Some PCI but not all yet. We don't create cards but will in the future so > PCI will be a big hit around here..lol and GLBA…**** > > Doing the best I can with senior management but last August they were here > and recommended a Generator and replication, WE purchased them within 2 > weeks. Don't need them but purchased them…**** > > I feel like I am going to have a lot of work ahead of me.**** > > ** ** > > ** ** > > *From:* Andrew S. Baker [mailto:[email protected]] > *Posted At:* Wednesday, January 25, 2012 5:12 PM > > *Posted To:* [email protected] > *Conversation:* FW: SIEM > *Subject:* Re: FW: SIEM**** > > ** ** > > You need to speak to your senior mgmt about the auditors.**** > > ** ** > > Have them show you some *current* best practices, or some compliance > requirements that mandate this.**** > > ** ** > > Or, if the stubborness prevails, convince your management to sign off on > the acceptance on this "legacy" configuration, because they are increasing > your risk profile.**** > > > Please tell us the auditors, so we can prepare ourselves to avoid them at > all costs. I haven't had to have this particular argument with auditors > since 2005 or 6.**** > > ** ** > > As for the SEIM, it's not a bad idea, necessarily. But I would highly > recommend opensource to start, so you better manage costs.**** > > ** ** > > As for the encryption everywhere, that is just foolhardy for most > businesses. To solve this particular problem, just research a few > end-to-end security vendors and bring the invoice -- with list prices -- to > your management team. It'll be shot down so fast you might get dazed.**** > > ** ** > > Your auditors are obviously trying to make up for a deficiency in revenue > at their organization... **** > > ** ** > > What industry or government regulations are you subject to?**** > > ** ** > > > **** > > *ASB***** > > *http://XeeMe.com/AndrewBaker***** > > *Harnessing the Advantages of Technology for the SMB market…***** > > > > **** > > On Wed, Jan 25, 2012 at 3:21 PM, [email protected] <[email protected]> > wrote:**** > > So far it is their way only no discussion and I should have had this in > place already. Still not in the discussion phase of the audit so I may get > a chance to talk back but so far it has been you are a bad bad > administrator and should be bound and beaten. I am working on the bound > part but I may need a good beaten….**** > > Thanks guys.**** > > They want to make sure my way of looking at logs, (SYSLOG and FireGen), is > enough but they also want everything encrypted.**** > > **** > > **** > > *From:* Andrew S. Baker [mailto:[email protected]] > *Posted At:* Wednesday, January 25, 2012 2:36 PM > > *Posted To:* [email protected] > *Conversation:* FW: SIEM > *Subject:* Re: FW: SIEM > **** > > **** > > You've got some fun auditors.**** > > **** > > Google will help you here. (Understanding of the category, rather than > selection of the tool)**** > > **** > > Why aren't you asking the auditors these questions?**** > > > **** > > *ASB***** > > *http://XeeMe.com/AndrewBaker***** > > *Harnessing the Advantages of Technology for the SMB market…***** > > ** ** > > On Wed, Jan 25, 2012 at 2:14 PM, [email protected] <[email protected]> > wrote:**** > > **** > > **** > > This is new to me. What is SIEM and what do I do with it?**** > > **** > > > ** > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
