General discussion

Locked

Security is used for show

By cttechguy72 ·
I work for a company with about 160 users. We have a nice security framework and a manual full of policies, but when security incidents are found, the people I report to kinda back off and tell me we have to pick and choose the political battles to fight. It's like they want security but it's all for show. I'm currently the security analyst and I report to the security officer. I'm not sure how to handle this situation.

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
All Comments

I hate it when they do that

by Michael Jay In reply to Security is used for sho ...

Politics has no place in the workplace, but it is there and it is the way the game is played. Makes me mad as can be. Security, more than any other area, should be 1 and 0, true or false, on or off; picking and choosing battles is just wrong.

I agree

by cttechguy72 In reply to I hate it when they do th ...

I know and I agree with you. I have been in charge of our spam filtering and now they want to allow the users to whitelist all personal email addresses. I said we might as well allow web-based email also. In one of my investigations I came across a user using work-related words in the subject heading just to try and make it look like it was work-related email. Again this was justified as not breaking any rules. lol

I guess something will just have to happen to make people take security more seriously. I'm just not sure how to handle this since I'm the security analyst. I don't want to get in trouble for not doing my job. I'm just going to document and report everything I find.

Document, Document, Document

by Tig2 In reply to Security is used for sho ...

You are dealing with "more equal pig" syndrome. Get used to it - in Security world, you will get it a lot.

If you are not subject to laws regarding security, chances are that you will not be able to get traction. One thing that may help is to have a complete understanding of business strategic direction.

If the company envisions being publicly traded in the next three years, SOX will need to become a consideration now. The reason is that compliance is a Wall Street litmus test. You can't be publicly traded and non-compliant.

Other rules pertain based on your business focus. Many industries have compliance requirements that can speak to the business holistically.

When choosing your battles - and you will have to - make sure that your analysis is based on real-world examples of loss and corruption. Look at the hard costs associated with breaches and downtime due to end user abuses of the system.

Bottom line: money speaks louder than words. Use the cash dollar to support your case.

And remember: I'm pulling for you. We are all in this together. Security is a tough row. Good luck!

C.Y.A.

by techsupport In reply to Security is used for sho ...

Most organizations have the same policy. They do just enough until they're forced to do otherwise. Or, because of the nature of the business, they may have to pick and choose what measures to take because it may hurt the bottom line... or cast a shadow over the company. Just C.Y.A. and document everything for your own record. If something does come up, you will have the proof to pass the "buck".
