IT Security Notes

Tuesday, September 24, 2002

Went to a seminar recently, one of the Microsoft Executive Circle series. Good speakers, great giveaways!

Cost-constraned Infrastructure

Doug Kasamis

Treat IT as its own company

• Customer focus
• ROI
• Measurement
• Budget

IT Governance

Align IT strategy with business strategy: include IT costs with business items.

Process automation

Information Security

Mike Rasmussen

"Security is a process, not a product."

• Increased awareness of network vulnerabilities because of viruses.
• Physical security weaknesses came to light on 9\11.
• Enron-type debacles pressure more regulations like security audits.
  
• Security is everybody's responsibility, and needs to be distributed.
  
• Set standards & policies
• Educating about those standards
• Auditing for those standards

Security Architecture

• Understand business requirements
• 5-year plan: where are we going?
• Define standards (regs, tech, operational)
• Means for measurement

Defining Requirements

1. Risk & threat assessment 
2. Select criteria from standards 
3. Add items not in standards 
4. Implement

Security Process

1. People: everybody 
2. Architecture: aligns security with business, sets management expectation
3. Awareness: communicate expectations
4. Technologies: security products enforce security in support of architecture

Intrusion 

1. Management 
2. Detection
3. Consolidate data
4. Response

0 Comments

Comments are closed for this article.