Dealing with Security Challenges
Do you ever feel like you are the lone gunman, taking pot shots into the dark while trying to solve your organization's IT issues? Sometimes it seems we need an army of people on our security team just to keep up with the daily vulnerabilities and challenges.
Even so, some of us are small security departments being constantly bombarded with incidents, vulnerabilities and forensics. We try to stay one step ahead of the bad guys, but feel like we're losing the battle. Do you have some helpful advice for smaller teams? That's where ISC can help. We're here to pass on the knowledge from all over the world to teams small and large.
How do you handle these challenges, or how would you do it with less personnel? Perhaps you have some tips for your overwhelmed and understaffed colleagues. Please send in any helpful ideas you might have for trying to keep up with this ever-changing threat landscape. We'll post your suggestions here all day.
Mari Nichols
Updates: Dom writes in with this good advice: "Automate everything. It sounds simple, but if you are checking logs, write a script to do it, then have the script run by cron/scheduler. The same applies to configuration checks, vulnerability testing, whatever."
Jeremy writes that he finally gave in to using WSUS and it has made a lot more time for him to work on other more pressing items.
Summary Tips:
- Set priorities. Do you really need to perform forensics on a machine that was infected with a virus?
- Use the National Vulnerability Database to help determine the priorities in patching based on scores and risks in your own environment.
- Set aside time to increase your knowledge. Running from incident to incident, training can get pushed aside. Plan time each day to keep up with the newest vulnerabilities.
- Talk to your management and use their input to agree on priorities.
- As with all incident response, remember the first rule: "stay calm". Document your daily tasks for "lessons learned" about your workflow.
- Ask for assistance if you are feeling overwhelmed. There is probably a lot of talent not being used on your IT team for security. Take a step forward and tap into your entire team. Security is interesting and getting help probably isn't as hard as you think.