11/30/2007
05:45 AM

When Projects Cause Security Failures

Some tips on how to balance the day-to-day and big projects in security

3:45 PM -- Prioritizing your security responsibilities can be a challenge when there are many tasks and limited time to complete them. Some of us have such an extreme interest in security that we’d do it day and night if possible, but deadlines, managers, and non-work-related priorities like family all influence how we prioritize our tasks.

I'm currently faced with more tasks than usual and have been a bit stuck figuring out what to do first. Someone provided me some guidelines that break it down like this: First focus on prevention and protection, then detection, and finally, everything else. Now that's great advice, but I’m still left juggling operational tasks while trying to make steady progress with my projects.

If you’re a manager, then you know projects need to demonstrate continuous progress, and must be completed on time. That's the de facto mindset for a manager because projects have the most impact on a business’ resources (time and money). But if managers go to the extreme of making projects more important than operational tasks, it can backfire.

Operational tasks are the daily activities that keep an organization running smoothly -- reviewing logs from servers, firewalls, and IDS/IPS, applying the latest security updates, and reading security news and mailing lists to find out about the latest threats.

Security managers should understand this and realize that if projects aren’t progressing on schedule, it could be due to an imbalance in operational and project duties. If operational tasks fall by the wayside, a server may go unpatched and end up compromised. Even worse, the compromise could go unnoticed because logs weren’t being reviewed due to time spent on projects that got priority over the day-to-day.

What should you do when you experience such an imbalance? Well, a relationship between a security manager and his or her team requires the same fundamental trait personal relationships need to be successful: communication. Managers should have an open-door policy where their team can come when they feel overwhelmed or are unsure how to prioritize their duties. Security team members must take the initiative to speak honestly with their manager. If communication is a problem, consider finding a new job or new employees.

I’ve been fortunate to be in great working environments with communicative and understanding managers in all of my jobs but one. And that one was enough to show me what I was missing and to know what to look for in my next job. I hope everyone can be so lucky.

Just remember, communication is a two-way street: managers and members of the security team both need it to ensure you're striking the right balance in your workload.

– John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading
