The point I was making is that there are always more threats after you have mitigated any particular set of threats. The question is “how far down this tunnel” do you want to go? DR is no different.
Certainly you can mitigate some threats mentioned so far fairly quickly, especially in smaller environments (e.g. by having good policies – but do you invest in auditing tools to verify that policies are being followed?) But that’s like saying that only the top 5 threats are worth mitigating. What about the next 5? Or the 5 after that? Or the next 50 after that? My last project was implementing infrastructure (including security) for an entire national government, and whilst the items listed by others are worth considering, there is a whole raft of other threats that need to be dealt with, and some very expensive solutions that deal with those. And no matter what you’ve implemented (whether that’s hiring more people, implementing more product or producing more policies) there’s always more that can be done. Hence the “bottomless pit” comment. Cheers Ken From: Mike Tavares [mailto:[email protected]] Sent: Saturday, 3 November 2012 11:06 PM To: NT System Admin Issues Subject: Re: 7 shortcuts To Get Your Network Hacked (huh?) Security doesn’t need to be a bottomless pit (DR is a whole different beast). If you look at the security concerns of most of us that have posted to this thread. Most of them is fixed by having strong enforced POLICIES (like not having generic/weak/reused passwords. Policies on what BYOD devices have to have before being allowed to connect to the network, strong/accurate FW rules, etc). All of that is very little to no cost at all to fix. It is actually having a management team that knows it is going to happen to them vs the management teams that think hacks only happen to companies that are bigger than theirs. From: Ken Schaefer<mailto:[email protected]> Sent: Friday, November 02, 2012 10:46 PM To: NT System Admin Issues<mailto:[email protected]> Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) The problem with security or DR is that spending is, potentially, a bottomless pit. You can insure against an almost unimaginable array of business losses – but all that insurance costs money. So where to deploy your insurance money, and how much to deploy, is a question that hasn’t really been determined yet. Cheers Ken From: Jon Harris [mailto:[email protected]] Sent: Saturday, 3 November 2012 10:30 AM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) I guess that like having a datacenter disaster management will bury their heads or make excuses until something bad happens. Then they will be all for taking care of issues that will just fester. My guess is until the government takes someone to court and gets some huge fines imposed for release of personal information or some hospital/insurance company gets sued and loses they will be all for BYOD and no controls imposed on those devices. Jon ________________________________ Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) Date: Fri, 2 Nov 2012 09:32:22 -0400 From: [email protected]<mailto:[email protected]> To: [email protected]<mailto:[email protected]> Yes its scary, but I know in healthcare its gaining a lot of steam. ( Right in the middle of it right now). I know some in the insurance industry and others are also in the same boat. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected]<mailto:[email protected]> From: Mike Tavares [mailto:[email protected]] Sent: Thursday, November 01, 2012 6:49 PM To: NT System Admin Issues Subject: Re: 7 shortcuts To Get Your Network Hacked (huh?) My guess is it is going to later rather sooner for most companies. I recently attended a CEO level conference and the question was posed to them if they were taking any precautions now for BYOD’s and of the 30 or so CEO’s that were in the room 2 raised their hands. Kinda scary when it stop and think about it. From: Ziots, Edward<mailto:[email protected]> Sent: Wednesday, October 31, 2012 3:49 AM To: NT System Admin Issues<mailto:[email protected]> Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) I would say that BYOD is going to creep up to the top of the list sooner than laters for the following reasons. 1) Lack of security specifications and hardening on users devices. ( Android and IOS have many flaws some we are just finding out about) (Just look at jailbreakme.com. 2) Security solutions like ( Mobile-Iron and others) will help mitigate but not totally reduce issues with endpoint devices to an acceptable level. 3) Again these BYOD devices, are more likely and easily stolen or misplaced as compared to corporate devices ( laptop) these days ( abiet, yes laptops are still getting stolen, but usually they are fully encrypted, so going to be hard to get any information of value off them for a while, note: I didn’t say impossible) Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected]<mailto:[email protected]> = ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
