Computerworld - As I mentioned in my last installment, I started my new job as the information security manager for a hardware company about a month ago. The company didn't have a security manager for about a year before I was hired.
Because of the lack of infosec leadership, many of the associated duties were absorbed by other departments. For example, the Unix team has been managing the devices used to filter mail and Web traffic. The network team has been managing the VPN concentrators and firewalls. Other infosec duties, such as vulnerability assessments, configuration and patch management, weren't being attended to at all or were being done improperly.
For the past several weeks, I've been soaking up information, meeting key individuals and learning as much as I can about our network, servers and applications. I've realized that I've got a long way to go. And I'm also realizing that there are lots of rocks out there, the kinds of rocks that you lift and find lots of wriggling worms. My challenge will be deciding which rocks I want to turn over.
Spending Decisions
Of course, my priorities are determined by various factors. For example, I have about $80,000 to spend on intrusion detection, and I have to spend the money within the next couple of months. Because I don't want to lose the chance that this budget item represents, refreshing the existing, somewhat limited intrusion-detection system infrastructure is high on the list of things I need to tackle.
My predecessor invested in four RealSecure Network Sensors from Internet Security Systems Inc. in Atlanta and three ManHunt sensors from Symantec Corp. in Cupertino, Calif. These seven sensors give us the ability to monitor the traffic at the edge of our network. Why do we have two different IDS sensors? My understanding is that my predecessor, who was not very technical and was overwhelmed with the need to create policies dealing with the mandates of the Sarbanes-Oxley Act, was coaxed by clever sales representatives into purchasing security products, whether he needed them or not.
This would explain why there is a Cisco Protego event management appliance still sitting in a box alongside some unused Cisco firewall service modules and lots of unopened scanning software. It's not that these are inferior products; they simply weren't needed, and now we're left with a lot of equipment and software that's just lying around collecting dust. I've seen this sort of thing before. Managers sometimes get reeled in by wily sales representatives. The reps show up in
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
