Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: in-to-out security

from [Joe George] Network Security [Permanent Link]
Subject: RE: in-to-out security
Date: Wed, 29 Mar 2006 10:54:30 -0500 
Great! Thanks for all your feedback.  I think I have enough information
from the security community to get something going.  The risk assessment
suggestion would probably prove to be the best place to begin. I think
his managers need to know in a language they understand as to the
dangers of not having at least some policy in place.  Just like Kenton
mentioned, it is a starting point toward a security plan.  

Take care,

Joe 

-----Original Message-----
From: Kenton Smith [mailto:listsks@yahoo.ca] 
Sent: Tuesday, March 28, 2006 6:00 PM
To: Joe George; security-basics@securityfocus.com
Subject: Re: in-to-out security


--- Joe George <j.george@conservation.org> wrote:

<snip>


1.    Was I right to suggest this rather than help my
colleague look
for an app/training solution?

Yes, I would never agree to secure someone's network without there being
applicable policies in place first. If there is no policy you have no
starting point from which to come up with a security plan.

2.    How would you convince an obviously passive CTO
to do the right
thing?

Check the law. I know you've asked this further on but this may be the
only way to get through to this guy.
The only other thing I can think of is that if they expect their
employees to trust and respect management, then management has to do the
same thing in return. Tell them what you're doing up front. The people
who are really against it might quit, but the ones left behind are
probably the ones who are already using the company's resource properly.

3.    If such an application/training exists, can you
suggest
something? 

There are many companies that offer both software and training programs
in user awareness. I don't know any off-hand but Google will find a
bunch.

4.    Is it legal to implement user-monitoring without
informing the
staff?  This is where I think policy

This would be something that he'd have to investigate.
I am not a lawyer and the laws vary from state-to-state. I'd be very
surprised though if there isn't a precident saying that you at least
have to tell people you're monitoring them.


Kenton


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: application for an employment, Craddock, Larry
Next by Date:  SF new interview announcement: Open source security testing methodology, Kelly Martin
Previous by Thread:  RE: in-to-out security, Beauford, Jason
Next by Thread:  Deploying SSL-based VPNs, Joe
Indexes:  [Date] [Thread] [Top] [All Lists]