SANS ISC Internet Storm Center

Trust But Verify

Published: 2015-05-29
Last Updated: 2015-05-29 11:12:07 UTC
by Russell Eubanks (Version: 1)
1 comment(s)

Be intentional about how you spend your time. I believe that every person can incrementally improve their security program by being intentional about how they spend their time. One method is to be intentional about checking several items for compliance each and every month. While not intended to replace the value of an auditor, this approach can generate incremental value from the overall compliance process. If you have the requirement to be in compliance with PCI, you are in luck! You could easily create a table that pairs one of the 12 categories with one of the 12 months in a calendar year. Inside each month, you could list several items that are important to verify. When printed out and kept nearby, it can serve as a reminder to be diligent about tracking progress over time. Compare this table year over year and look for trends that will help identify the sometimes small areas to focus on that can make a big impact.
 
I have used this approach to expect more out of myself and to set the bar just a little bit higher. I found success in showing this matrix to outside auditors and received positive feedback. There was nothing magic about this table; it just forced me to be intentional each and every month. Using this approach, unexpected "compliance drift" can be identified and remediated on a much more timely basis. This approach can be used inside several of the regulatory compliance requirements. If you do not have one, ask friends and colleagues who do to learn what they find beneficial in their respective environments. As always, a great place to start is with the 20 Security Controls.
 
Can you make it easier on yourself to do the right thing by being intentional? I believe it is absolutely possible to leverage systems like this to make it easier to do the right thing.
 
What systems do you use to force you to be intentional? Please use the comments section to share what works for you.
 
Russell Eubanks
@russelleubanks
ISC StormCast for Friday, May 29th 2015 http://isc.sans.edu/podcastdetail.html?id=4505
