Friend-LINK: <%=INSERTTEXT%>
about this column.
November 23, 2001
Vigilance
© 2001, Douglas E. Welch
|
|
![Make payments with PayPal - it's fast, free and secure!](https://secure.paypal.x.com/xclick/business=douglas%40welchwrite.com&item_name=Career-Op+Column&item_number=Career-Op&amount=1.00&return=http://www.welchwrite.com/dewelch/ce/ce011123.asp"><MG SRC="http://images.paypal.com/images/x-click-but3.gif" BORDER="0" ALT="Make payments with PayPal - it)
|
Over the last few months I am sure many of you have been involved in detailed discussions about computer security and the protection of the computer systems and information under your care. I can also guess that you are feeling overwhelmed with the demands that are being made upon you. The trouble with constant vigilance is that vigilance is not a constant. It is only maintained by constant re-evaluation and re-dedication. That said, there are several ways that you can use technology and human nature to keep moving in the right direction.
Automate everything
One of the most important things you can do today is to automate your security procedures as much as possible. The goal is to let your software do the tedious watching of log files and monitoring network connections in order to give you time to deal with the exceptions. Like the well-known cobbler whose children have no shoes, we can sometimes forget to apply technology to our own problems. Make technology work for you as well as your users. Purchase monitoring software or build your own. The time you spend now can mean hours, days or weeks saved by discovering vulnerabilities before they can cause damage.
This doesn’t mean you can just sit back and wait for the alarm to sound, though. New software flaws and security bugs are found every day. Part of your security duties should include watching for and reading about security flaws that may come your way. You need to keep detailed records of which servers are running which software versions, which routers are connected to which networks and a host of other information so that you can quickly react to any new threats. If you know what systems are vulnerable you can begin addressing any issues immediately, instead of checking each system one by one. Develop databases today that will allow you to quickly respond to any threat, real or perceived. The more prepared you are now, the better you will be able to react when something does occur.
Get everyone involved
Another excellent resource helping you guard computer security is the eyes and ears of those around you. Your users will often be the first people to spot a new virus, system exploit or security hole. Your job is to help them identify these problems and communicate that information to you. Too often, untrained users just accept problems as a matter of course instead of a signal that something is wrong. Train your users how to spot a new virus. Teach them about Trojan horse programs. Let them know it is ok to phone or email when something weird appears on their screen. You can’t hope to watch all your systems, all the time, by yourself. You need a thousand eyes watching for you. Too often we in high-tech see the end user as the bane of our existence. Instead, their front line watchfulness might just be what keeps your career on track.
Take a break
Finally, and most important, no one can maintain constant vigilance, even with the help of others. You need to work with those around you to find ways of having time away from the most pressing issues of your career. Perhaps one day you are on the front line of the security fight, but on another day you get to retire to a rear area for some R&R. Don’t put yourself in the position of being the one and only security person for your company. Such immense pressure would cause anyone to falter. You cannot hope to help protect your computer systems if you try and carry this burden alone. Engage everyone, your co-workers, your managers, your users, in protecting the security and data in your computer systems. Then, allow yourself time away to re-coup your energy and your focus. It is only in this way that you can provide the vigilance requested and required by your companies.
The need for increased computer security will only become greater as the years go on and as more and more important information is entrusted to your care. The most important point to remember is that constant vigilance cannot, and should not, be the responsibility of one, or even 10 people. Everyone must be responsible for computer security so that none are left to carry the burden alone. Attempting to do so will lead you down the road to an unsuccessful high-tech career.
Douglas E. Welch is a freelance writer and computer consultant in Van Nuys, California. Readers can discuss career issues with other readers by joining the Career Opportunities Discussion on Douglas' web page at: http://www.welchwrite.com/dewelch/ce/
He can reached via email at douglas@welchwrite.com
Book Recommendation <%=INSERTTEXT%>
Also on Welchwrite.com <%=INSERTTEXT%>