Jan 26, 2012
This month's call kicks off 2012 with a big question - "Do security professionals follow their own policies?" ... and as we talk through this issue we discover that there are other subtleties to this question. Does it make sense for Information Security to have separate accounts for general and administrative access? Does a security policy fail if it does not account for 'exceptions' to that policy - legitimate exceptions? What about an exception policy that allows information security professionals to navigate complex policy issues and receive 'allowances' to do their jobs without being limited by the general user policy?
These are complex questions that we tackle, and offer some guidance for ... and in the end, things aren't as simple and black-and-white as we'd all like ... you'll just have to listen to hear the advice we dispense!