No offense intended
But "Securosis" sounds like an evil disease!
Social networks, local admins, unpatched software, missing USBs: the causes of security problems in your business are often not just the big stuff that tries to get inside the firewall, it's the little problems that are already on the inside. On October 13th at 16:00 BST/11:00 EDT, our latest live Regcast questions- Could …
Well, the more information you share about your experiences the more risks you might be taking when the "bad guys" are having an eye on you ;-)
So I think I'll skip this one 8-)
A little more seriously; "The weakest link". And that will always be the end user. That is the thing to look out for. Especially since most of the time the user in question might not even realize what the risks of his or her actions are. OR they don't care, which is something you should always keep in the back of your mind as well.
Either way... You can't prepare for everything but IMO keeping an eye out for the weakest links in the whole infrastructure and keeping a backup plan in mind in case something does go completely wrong is most likely the best way to go.
IMO that works for both big as well as smaller environments.
However, in a lot of cases departments tend to think "big", often resulting in many people who will fall between the gaps so to speak. Exceptions will be made because "people can't do their jobs" and in the end you'll have more risks and probably also more expenses (time is money as well) to cover for.
While if you try to think "small" and work your way up you can most likely come up with a better solution which covers most aspects.
It might seem like way too much time when considering such plan of action, but IMO the end results will be better. Esp. since you most likely won't have to cope with a dozen of small exceptions every here and there.
My 2 cents on the matter.
Biting the hand that feeds IT © 1998–2022