The InfoSec Blog

System Integrity: Without Integrity you don’t have Security

November 25th, 2009

Why don’t companies apply more risk analysis – Part 2

And while on that subject …

“Consult Human Resources when making disaster recovery plans”

Every DR plan I’ve seen has failed to take into account human factors.
The most basic of these: in any one of a large number of disaster scenarios, how are staff going to get in to the DR site?

So: here we are in Toronto and the DR site is in Arizona.
What sort of disaster will take out Toronto and let all the staff here trek down to Arizona in order to run the IT services to support the customers in, guess where?
Right: Toronto.

November 25th, 2009

Why don’t companies apply more risk analysis?

http://www.smartplanet.com/business/blog/business-brains/why-dont-companies-apply-more-risk-analysis-to-layoff-decisions/3447/

So, here we are, all trained up in Risk Analysis, knowing about the risks of hiring and firing, disgruntled employees, various litigations, and more. We’re often considered pests for asking the “Why Are We Doing This” questions about new technology and initiatives that bring security risks.

November 25th, 2009

Unfortunately, SNMPv2 is not secure

You betcha it's not!

There are GOOD practices for deploying SNMP.
The BEST practice is to avoid V2.
If you must use SNMP, then use v3:
http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1078248,00.html
http://www.snmp.com/snmpv3/v3white.shtml
or http://www.tcpipguide.com/free/t_SNMPVersion3SNMPv3MessageFormat.htm
if you are feeling geekish.

However, my personal view is DON’T DO IT.