InfoWorld Security Boot Camp: Day 12: Have a productive security policy discussion with the highers-up
 
October 6, 2009
 
YOUR ASSIGNMENT TODAY: Have a productive security policy discussion with the highers-up.
 
WHY DO IT: Your boss may decide that outsourcing vendors and employees deserve his total trust. As a security pro, your job is to convince him otherwise.
 
HOW TO DO IT: If your boss instructs you to trust everyone by default, let them know that isn't the correct stance for a security person to take. Employees, vendors, and outsourced support should always be given least-privileged permissions and privileges. All should be given background checks and asked to sign and affirm your company's security policies. Turn on auditing, collect events, and create actionable, appropriate alerts.
 
RECOMMENDED READING: "Insane in the security membrane," Infoworld.com