personal email address

A couple things:

  • My company is very security conscious.
  • I don’t have a company-issued smartphone and they won’t let me sync my iPhone to my work email/calendar.
  • My name is attached as an IT resource on a project that won’t die.

It’s been around for about a year and last month we stopped work and went back to gathering requirements. The project sponsor is on the west coast and he scheduled a meeting last week after 5pm Central time. So I forwarded the meeting agenda to my personal email and created a reminder on my calendar with the conference call bridge info.

A follow-up to that meeting is scheduled for next week. And somehow my personal email address shows up on the meeting invite (Microsoft Exchange will update the ICS if it’s forwarded, learned that today). And this follow-up meeting is one of those where we rehash everything we talked about previously but this time with the executive sponsors and the budget approvers on the call. So there was a moment of “whose Gmail account is this?” happening this morning amongst the most important people in the company. “That’s me. I don’t have a BlackBerry and didn’t want to be in the office until 7pm on a Friday.” I’ll be so glad when this project is finished up.

Information Security

Here’s a site that caught my attention yesterday. It’s the Internet Storm Center diary. Lots of great information like a Top 10 of new threat sites and tips on tightening up IT security. This article caught my attention. What a great list. Here are some of my favorites.

How to Suck at Information Security

* Assume the users will read the security policy because you’ve asked them to.
* Create security policies you cannot enforce.
* Hide from the auditors.
* Expect end-users to forgo convenience in place of security.
* Ban the use of external USB drives while not restricting outbound access to the Internet.
* Say “no” whenever asked to approve a request.
* Act superior to your counterparts on the network, system admin, and development teams.

I’ve read through it a couple of times and I still laugh when I get to “Hide from the auditors”.

I’ve worked with a couple of different IT Security and Compliance Managers and “officers” before. Judging by the criteria on this list, none of them have sucked. And I think they’ve all made the companies I worked for less vulnerable to attack. But every time I walk by the desks of the security folks and they get a little jumpy like I’m looking at their screens, it still makes me laugh. Not sure I could do IT Security, unless of course I was getting paid for it.

Speaking of security, I found a whole bunch of great stuff today.