Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2014-12-08 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ISC StormCast for Monday, December 8th 2014 http://isc.sans.edu/podcastdetail.html?id=4265

Stop Admiring The Problem. Start Addressing The Problem.

Published: 2014-12-08
Last Updated: 2014-12-08 00:30:39 UTC
by Russell Eubanks (Version: 1)
7 comment(s)
How much energy do you spending admiring your problems? It does not matter what the problem is - asset inventory, vulnerability management or security awareness. You do have problems. What are you doing to make your current problem less of a problem? Set your problems aside for just a minute and take a brief journey to explore how your problems can be viewed as an opportunity. 
 
I have been guilty of this behavior in the area of vulnerability management. I was so focused on making sure that everything was scanned on a regular basis that I failed to work with the system and application administrators to help them remediate the vulnerabilities the scanners had identified. A much better alternative to just scanning everything on your network is to scan for a brief amount of time and then stop. Stop long enough to fix some issues the scanner identified and then go back and confirm they really were fixed. It does not have to be complicated. Perhaps you can use a simple chart that shows what was found, what was corrected and what still needs to be corrected. 
 
Collecting a bunch of "High" rated vulnerabilities adds no value. Correcting "High" rated vulnerabilities adds tremendous value. Instead of throwing missing patches over the fence to your administrators, offer help to them in their time of need. Maybe there is a valid business reason the administrators are not responding as quickly as you would like. Maybe they need extra support from your security or compliance teams to make progress in this area. Maybe they could use your help to focus on a solution to this problem. 
 
Every person should take time to make undeniable progress on one of their security problems because of the positive impact it will make on the security posture of their organization. Make progress, even if it is just baby steps. Make a move in the right direction to become the change agent that is desperately needed. 
 
What can you do right now to be the catalyst for the positive change your organization so desperately needs? 
 
What can you do right now to stop admiring the problem?
 
Russell Eubanks
@russelleubanks
securityeverafter at gmail dot com
Keywords:
7 comment(s)
Diary Archives