There is an interesting Diary entry published this weekend called How to Suck at Information Security by Lenny Zeltser Security Consulting - Savvis, Inc. It's a high level list but has a lot of relevance. I would recommend reading and adding a comment or two.
One comment refers to deploying IDS/IPS and SIM solutions for the sake of having them without ever managing them. There is a lot to be said about that. ust getting monthly status reports from your SIM and not proactively using it for investigation, correlation, notification, integration into your Help Desk processes, Asset Management, Network Management Monitoring, Vulnerability Assessment, Operating System Events, Application Events and Business Processes you may be missing valuable information. While performing monthly status reports may provide some usability, using SIM technology pro-actively can assist you in deploying or jump starting your Information Security Program for managing a sustainable environment.
Greetz and tip of the hat to e.keighron (eak)
- Bill
Leave a comment