CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [238]
Members of the security team, as well as other members of the organization, must be clear about reporting paths and authority. Your training and security knowledge make you the ideal candidate to be the champion of security efforts in your organization.
Minimizing Mistakes
A big component of the security effort revolves around prevention. Accidents happen, incidents occur, and humans make mistakes. Mistakes can be minimized if strong preventive measures are considered as part of the process. Such measures include training, awareness, and careful reviews of processes and policies. The old saying “An ounce of prevention is worth a pound of cure” is always the truth in any security effort.
Make sure managers and employees are aware of the types of activities that occur in the field and that they know how to implement and continue to support security efforts. These tasks are key aspects of prevention.
IT staff, including network administrators, must be kept up to date on industry trends, measures, exploits, and countermeasures to deal with threats. You can be a big asset to the IT staff if you help them remain current. Virtually all network administrators want to have secure environments; unfortunately, just keeping a large network functioning can be overwhelming.
Enforcing the Policies and Procedures
When an incident or a security violation happens, swift and decisive action must be taken. This might include additional training, disciplinary action, or other measures. It’s human nature to neglect policies and procedures when they aren’t enforced. You should make sure everyone involved in information processing is aware of the organization’s policies and procedures. In addition, when a problem is discovered, the specifics must be clear to management.
Before you take corrective action involving employees, it’s a good idea to understand the knowledge level of the employees involved; it does no good to punish someone who doesn’t know better. The intention here isn’t to turn you into security police, but to remind people that policies matter, that there are consequences for not following them, and that someone is watching activity. In many cases, this is enough of a deterrent to prevent dishonest acts, and it’s a reminder that people can’t let their guard down about security.
Real World Scenario
The World of Monitoring
You’ve been monitoring the activities of users in your company. You unintentionally intercepted an e-mail on the system indicating that a key employee has a drug problem and is in a treatment program. What should you do with this information?
This is a tough situation to be in, and you’ll find yourself in similar circumstances more often than you want. This information was gained by accident, and it’s potentially embarrassing and sensitive in nature. Both ethical and legal issues are involved. You would probably be best served by not disclosing this information to anyone. If you’re uncertain, you should discuss the general situation with your human resources department; avoid specifics until you know how the company wants to handle it. You should never discuss such a situation with anybody without first consulting HR, and you should certainly never discuss it with anybody but authorized personnel.
Simplifying Security Administration
As an administrator, one of your goals should be to always simplify your security implementation as much as possible. The simpler you can make it, the easier it is to enforce.
Allow me to share a straightforward analogy. When my son was small, I had a simple policy, and it was easy to enforce: Never touch matches. When he was much older and had become a Boy Scout, I had another simple policy that was easy to enforce: Use your best judgment when it comes to fire.