Forwarded from: rferrellat_private

> Too many managers think that IT security is firewalls or
> intrusion-detection systems. It isn't. There are several others that
> are important, but you get the idea.

Here's another example of this mindset, related from personal experience:

Imagine an NT/Win2K server farm of perhaps 20 boxes, at least six or seven of which are running IIS. Add to that eight Solaris servers, four of which are running Apache and in one case iPlanet as well. Now visualize Snort running on the Solaris side and ICECap on the Microsoft. Picture yourself being the one person responsible for security analysis/response for all these servers, keeping in mind that they're all .gov and therefore prime targets. Assume around 2,000 suspicious events per 24 hour period.

Sound like a busy job? Guess what: senior management of the agency in question have dismissed the notion that security analysis is anything like a full-time job. They apparently feel that this can be dealt with in, at most, a couple of hours a day.

I should add that the total technical infosec staff for this division of the agency is one. There are several people devoted to policy writing, but only one to actual security implementation, across all platforms.

On the other hand, it's a vast improvement over a year ago.

Anyone need a slightly (ab)used security analyst? ;-)

RGF

Robert G. Ferrell
rferrellat_private

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Apr 17 2002 - 04:17:37 PDT