Re: [ISN] Letter to the editor - Token effort on IT security

From: InfoSec News (isnat_private)
Date: Wed Apr 17 2002 - 00:23:27 PDT

  • Next message: InfoSec News: "RE: [ISN] Cracks in the Firewall"

    Forwarded from: rferrellat_private
    > Too many managers think that IT security is firewalls or
    > intrusion-detection systems. It isn't. There are several others that
    > are important, but you get the idea.
    Here's another example of this mindset, related from personal
    experience: Imagine an NT/Win2K server farm of perhaps 20 boxes, at
    least six or seven of which are running IIS.  Add to that eight
    Solaris servers, four of which are running Apache and in one case
    iPlanet as well.  Now visualize Snort running on the Solaris side and
    ICECap on the Microsoft.  Picture yourself being the one person
    responsible for security analysis/response for all these servers,
    keeping in mind that they're all .gov and therefore prime targets.  
    Assume around 2,000 suspicious events per 24 hour period.  Sound like
    a busy job?  Guess what: senior management of the agency in question
    have dismissed the notion that security analysis is anything like a
    full-time job.  They apparently feel that this can be dealt with in,
    at most, a couple of hours a day.
    I should add that the total technical infosec staff for this division
    of the agency is one.  There are several people devoted to policy
    writing, but only one to actual security implementation, across all
    On the other hand, it's a vast improvement over a year ago.
    Anyone need a slightly (ab)used security analyst? 
    Robert G. Ferrell
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Wed Apr 17 2002 - 04:17:37 PDT