Attacks/Breaches
11/30/2007
05:45 AM

When Projects Cause Security Failures

Some tips on how to balance the day-to-day and big projects in security

3:45 PM -- Prioritizing your security responsibilities can be a challenge when there are many tasks and limited time to complete them. Some of us have such an extreme interest in security that we’d do it day and night if possible, but deadlines, managers, and non-work-related priorities like family all influence how we prioritize our tasks.

I'm currently faced with more tasks than usual and have been a bit stuck figuring out what to do first. Someone provided me some guidelines that break it down like this: First focus on prevention and protection, then detection, and finally, everything else. Now that's great advice, but I’m still left juggling operational tasks while trying to make steady progress with my projects.

If you’re a manager, then you know projects need to demonstrate continuous progress, and must be completed on time. That's the de facto mindset for a manager because projects have the most impact on a business’ resources (time and money). But if managers go to the extreme of making projects more important than operational tasks, it can backfire.

Operational tasks are the daily activities that keep an organization running smoothly -- reviewing logs from servers, firewalls, and IDS/IPS, applying the latest security updates, and reading security news and mailing lists to find out about the latest threats.

Security managers should understand this and realize that if projects aren’t progressing on schedule, it could be due to an imbalance in operational and project duties. If operational tasks fall by the wayside, a server may go unpatched and end up compromised. Even worse, the compromise could go unnoticed because logs weren’t being reviewed due to time spent on projects that got priority over the day-to-day.

What should you do when you experience such an imbalance? Well, a relationship between a security manager and his or her team requires the same fundamental trait personal relationships need to be successful: communication. Managers should have an open-door policy where their team can come when they feel overwhelmed or are unsure how to prioritize their duties. Security team members must take the initiative to speak honestly with their manager. If communication is a problem, consider finding a new job or new employees.

I’ve been fortunate to be in great working environments with communicative and understanding managers in all of my jobs but one. And that one was enough to show me what I was missing and to know what to look for in my next job. I hope everyone can be so lucky.

Just remember, communication is a two-way street: managers and members of the security team both have to work at it to ensure you're striking the right balance in your workload.

– John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading
