Attacks/Breaches
11/30/2007
05:45 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

When Projects Cause Security Failures

Some tips on how to balance the day-to-day and big projects in security

3:45 PM -- Prioritizing your security responsibilities can be a challenge when there are many tasks and limited time to complete them. Some of us have such an extreme interest in security that we’d do it day and night if possible, but deadlines, managers, and non-work related priorities like family all influence how we prioritize our tasks.

I'm currently faced with more tasks than usual and have been a bit stuck figuring out what to do first. Someone provided me some guidelines that break it down like this: First focus on prevention and protection, then detection, and finally, everything else. Now that's great advice, but I’m still left juggling operational tasks while trying to make steady progress with my projects.

If you’re a manager, then you know projects need to demonstrate continuous progress, and must be completed on time. That's the de facto mindset for a manager because projects have the most impact on a business’ resources (time and money). But if managers go to the extreme of making projects more important than operational tasks, it can backfire.

Operational tasks are the daily activities that keep an organization running smoothly -- reviewing logs from servers, firewalls, and IDS/IPS, applying the latest security updates, reading security news and mailing lists to find out about the latest threats.

Security managers should understand this and realize that if projects aren’t progressing on schedule, it could be due to an imbalance in operational and project duties. If operational tasks fall to the wayside, a server may go unpatched and end up compromised. Even worse, the compromise could go unnoticed because logs weren’t being reviewed due to time spent on projects that got priority over the day-to-day.

What should you do when you experience such an imbalance? Well, a relationship between a security manager and his or her team requires the same fundamental trait personal relationships need to be successful: communication. Managers should have an open-door policy where their team can come when they feel overwhelmed or are unsure how to prioritize their duties. Security team members must take the initiative to speak honestly with their manager. If communication is a problem, consider finding a new job or new employees.

I’ve been fortunate to be in great working environments with communicative and understanding managers in all of my jobs but one. And that one was enough to show me what I was missing and to know what to look for in my next job. I hope everyone can be so lucky.

Just remember, communication is a two-way street for managers and members of the security team to ensure you're striking the right balance in your workload.

– John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web