Computerworld - Knowledge bases and incident-reporting applications are an important part of my information security department's tool set. Here's why: Most technically minded individuals, especially those with engineering backgrounds, don't consistently document their day-to-day activities.
In my company's IT security department, our team is responsible for the administration and upkeep of all of our applications. These include our RSA Security ACE SecurID authentication servers, intrusion-detection system (IDS) infrastructure, integrity-checking software, forensics tools, wireless-access-point detection and management software, and our data correlation environment. These applications and the operating systems on which they run continually change, so we are always tuning them, installing patches and troubleshooting problems.
Some of the time, when we figure something out, we jot down a few notes on what we did. But other times, we don't write anything down at all. That's fine as long as everyone is around and can remember what they did. But people come and go here, and we tend to forget the details.
So when a problem comes up again and again, it would be nice to be able to call upon past experience to quickly solve it. Knowledge bases are an excellent tool for doing this. We already use Houston-based BMC Software Inc.'s Remedy application for its help desk and change management functions, and we considered using that to build our knowledge base.
However, we wanted to control the administration of the application and underlying server, since it will contain sensitive security-related data. We can't do that if we're sharing that resource with another department, and buying another copy wasn't an option.
After some searching, I think I've found something that fits the bill - and it's free. PhpBrain was initially developed for a gaming project, but the developer has since released the source code for use as a knowledge base. (Documentation and source code are available at http://sourceforge.net/projects/phpbrain/.)
PhpBrain is Web-based, can run on a standard PC and allows for easy information input, search and retrieval. In addition, it allows us to maintain control of the server and the data within it. With the Remedy server, the information would be centrally stored in another department and commingled with its data.
If a disgruntled employee was able to obtain access to our knowledge base, he might be able to use that data to gain access to our security systems or bypass existing controls. For example, we don't have total IDS coverage. If someone knew which networks aren't protected, he might attempt to target those.
With phpBrain, as we deal with a problem, we
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
