Tech Talk

IT Security Notes

Tuesday, September 24, 2002

Went to a seminar recently, one of the Microsoft Executive Circle series. Good speakers, great giveaways!

Cost-constrained Infrastructure

Doug Kasamis

Treat IT as its own company
  • Customer focus
  • ROI
  • Measurement
  • Budget
IT Governance

Align IT strategy with business strategy: include IT costs with business items.

Process automation

Information Security

Mike Rasmussen

"Security is a process, not a product."
  • Increased awareness of network vulnerabilities because of viruses.
  • Physical security weaknesses came to light on 9/11.
  • Enron-type debacles create pressure for more regulation, such as security audits.
  • Security is everybody's responsibility, and needs to be distributed.
  • Set standards & policies
  • Educate about those standards
  • Audit for those standards
Security Architecture
  • Understand business requirements
  • 5-year plan: where are we going?
  • Define standards (regs, tech, operational)
  • Means for measurement
Defining Requirements
  1. Risk & threat assessment 
  2. Select criteria from standards 
  3. Add items not in standards 
  4. Implement
Security Process
  1. People: everybody 
  2. Architecture: aligns security with business, sets management expectation
  3. Awareness: communicate expectations
  4. Technologies: security products enforce security in support of architecture
  1. Management 
  2. Detection
  3. Consolidate data
  4. Response


LaRocque Family