Tech Talk
IT Security Notes
Tuesday, September 24, 2002
Went to a seminar recently, one of the Microsoft Executive Circle series. Good speakers, great giveaways!
Cost-constrained Infrastructure
Doug Kasamis
Treat IT as its own company
- Customer focus
- ROI
- Measurement
- Budget
IT Governance
Align IT strategy with business strategy: include IT costs with business items.
Process automation
Information Security
Mike Rasmussen
"Security is a process, not a product."
- Increased awareness of network vulnerabilities because of viruses.
- Physical security weaknesses came to light on 9/11.
- Enron-type debacles create pressure for more regulations, like security audits.
- Security is everybody's responsibility, and needs to be distributed.
- Set standards & policies
- Educating about those standards
- Auditing for those standards
Security Architecture
- Understand business requirements
- 5-year plan: where are we going?
- Define standards (regs, tech, operational)
- Means for measurement
Defining Requirements
- Risk & threat assessment
- Select criteria from standards
- Add items not in standards
- Implement
Security Process
- People: everybody
- Architecture: aligns security with business, sets management expectation
- Awareness: communicate expectations
- Technologies: security products enforce security in support of architecture
Intrusion
- Management
- Detection
- Consolidate data
- Response