You forgot the dyed-in-the-wool Mac head who keeps repeating "you don't need this with a Mac" and "Macs can't get a virus", and yes, I know both are wrong, but I heard that mantra for almost 10 years. Along with "but I need to see what so-and-so is working on."

Jon

On Fri, Nov 12, 2010 at 4:01 PM, Ziots, Edward <[email protected]> wrote:

> (1) Good luck on changing the "This is how it's always been done, why change?" argument (like Jim said, when they get burned, they get burned).
>
> (2) Auditing and ABE (Access-Based Enumeration) is a great 1-2 punch to getting the data auditable and structured; just remember authentication, authorization and auditing.
>
> (3) This kinda goes in with part (2): in the course of re-structuring you need to talk with the business, or at least the users of the data, and take it in small chunks accordingly. At first it's going to feel like a great white shark took a bite out of you when people don't have access anymore, but after you start applying structure, groups, permissions and auditing it will get easier and easier, and should let you structure more and more of the data in a similar way across your servers as a corporate/organizational standard. (Trust me, it took a while here, but a simple Users/Department share structure across all the file servers has worked wonders for data structure.)
>
> I think some of the best arguments that management will see the light of day on will probably be the following:
>
> Data integrity: I am sure if there are files or folders with sensitive information, and someone with that generic account that has access manipulates figures or information inside those files, which causes financial reporting or other company misrepresentations to happen (Q10 report to the SEC, HIV status on patients, financial earnings for the next quarter), then who did the data manipulation, when was it done, at what time was the document (or documents) correct, and when was its data integrity violated?
>
> With a lack of auditing, access control and accounting of actions by users, that is exactly the quagmire that happens, and the business comes to beat the management of IT over the head, when the business (data owner) has not properly done its due diligence in describing the importance of the data which the data custodian (IT) is charged with protecting under the security schema that is supposed to be dictated by the data owner (business).
>
> This is only one of the situations that could arise, and there are many, many others that are even more serious and could cripple a company/organization to the point it doesn't recover, all because the simple security steps were never thought of in the beginning, or the politics and the lack of leadership within those organizations never allowed the correct structure to be put in place and to make people accountable for their actions.
>
> Food for thought,
>
> Happy Friday all :)
>
> Z
>
> Edward E. Ziots
> CISSP, Network+, Security+
> Network Engineer
> Lifespan Organization
> Email: [email protected]
> Cell: 401-639-3505
>
> -----Original Message-----
> From: Ben Scott [mailto:[email protected]]
> Sent: Friday, November 12, 2010 3:43 PM
> To: NT System Admin Issues
> Subject: Re: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations
>
> On Fri, Nov 12, 2010 at 2:53 PM, Ziots, Edward <[email protected]> wrote:
> > the real problem is permissions beyond one's job responsibilities, and the risk that it entails, and the politics that goes with it.
>
> Yah, we're currently struggling through that here at %WORK%. A huge chunk of the company's data is in a giant pile on a shared folder that's got no organization and no selective permissions at all. If you've got an account, you've got access. Currently working on it, but there are multiple challenges:
>
> (1) Changing 15+ years of thinking.
> (2) Figuring out who actually needs access to what.
> (3) Figuring out what some of this stuff even is.
>
> My favorite find so far is a working copy of Microsoft Project 3.0a (circa 1992), buried several layers deep in an archived projects folder. It still ran. Remember when you could install software just by copying files? :)
>
> -- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
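The Users/Department share layout, group-based permissions, access-based enumeration and auditing that Z describes, as an added PowerShell example. This is not code from the thread or from any poster; it assumes Windows Server 2012 or later (the SmbShare module did not exist in the 2008-era servers the thread dates from, where abecmd.exe and the share GUI were used instead), an AD domain and groups that are hypothetical names here (CORP, FS-Finance-RW, FS-Finance-RO), and a hypothetical root D:\Shares\Departments. It must be run elevated, since writing a SACL needs SeSecurityPrivilege.

```powershell
# Added example (not from the thread): one department share with NTFS ACLs scoped to
# two AD groups, a SACL so changes land in the Security log, and ABE on the share.
# Assumes Windows Server 2012+ (SmbShare module) and that these hypothetical groups exist.

$Root  = 'D:\Shares\Departments'           # hypothetical
$Dept  = 'Finance'
$Path  = Join-Path $Root $Dept
$Share = "Dept-$Dept`$"                    # hidden share, e.g. Dept-Finance$
$RW    = 'CORP\FS-Finance-RW'              # hypothetical domain groups
$RO    = 'CORP\FS-Finance-RO'

New-Item -ItemType Directory -Path $Path -Force | Out-Null

# 1. NTFS: break inheritance so broad ACEs from the root (Authenticated Users etc.)
#    do not leak in, then grant only admins, SYSTEM and the two department groups.
$acl = Get-Acl -Path $Path -Audit           # -Audit so the SACL is read and written too
$acl.SetAccessRuleProtection($true, $false) # isProtected, preserveInheritance=false
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
foreach ($rule in @(
    @('BUILTIN\Administrators', 'FullControl'),
    @('NT AUTHORITY\SYSTEM',    'FullControl'),
    @($RW,                      'Modify'),
    @($RO,                      'ReadAndExecute')
)) {
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $rule[0], [System.Security.AccessControl.FileSystemRights]$rule[1],
        $inherit, $prop, [System.Security.AccessControl.AccessControlType]::Allow)))
}

# 2. SACL: audit successful and failed writes, deletes and permission changes by anyone,
#    so "who changed the figures, and when" can be answered from event ID 4663.
$auditRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$acl.AddAuditRule((New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', $auditRights, $inherit, $prop,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')))
Set-Acl -Path $Path -AclObject $acl

# A SACL does nothing unless object-access auditing is on in the audit policy.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 3. Share: share-level permissions stay coarse (NTFS is the real control) and
#    access-based enumeration hides folders the caller cannot read, which removes
#    the "why can't I open X" tickets without being a security boundary itself.
if (-not (Get-SmbShare -Name $Share -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $Share -Path $Path -FullAccess 'BUILTIN\Administrators' `
        -ChangeAccess $RW -ReadAccess $RO -FolderEnumerationMode AccessBased | Out-Null
} else {
    Set-SmbShare -Name $Share -FolderEnumerationMode AccessBased -Force
}

# Verification: resulting DACL, share mode, and the newest file-access audit events.
(Get-Acl -Path $Path).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
Get-SmbShare -Name $Share | Select-Object Name, Path, FolderEnumerationMode
Get-WinEvent -FilterHashtable @{LogName = 'Security'; Id = 4663} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated,
        @{n = 'Account'; e = { $_.Properties[1].Value }},   # SubjectUserName
        @{n = 'Object';  e = { $_.Properties[6].Value }}    # ObjectName
```

Two caveats worth keeping in mind when applying this across many file servers. ABE only filters directory listings; a user who knows a path can still try it, so the NTFS DACL is what enforces access and ABE is a usability measure layered on top. And auditing Write/Delete for Everyone on a busy share generates a large volume of 4663 events, so the Security log size and forwarding to a collector need to be sized before turning it on, or the one event you later need will have been overwritten.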
