Now, your network administrators and engineers. One of the things that I would stress to you: in a lot of companies, especially if they're smaller companies, your network people are your security people. Why? Because of cost, because you have people with a similar skill set, and a lot of companies will justify that based on, you know, "Why do I need two people that both have network skills? Why am I paying two salaries?" Well, the reason you're paying two salaries is that your network people ought to be the ones with the actual permissions and rights on the network to do things: to install software, to create accounts, and to do these elements. Security admins should be responsible for going behind them and auditing the security. Security admins are your checks and balances; they really provide a means of checks and balances on the network. Your network administrators, in UNIX your root people, people with root access, can do anything they want on the network.
We've got to monitor these folks. We can't just have blind trust in our network administrators, and I've worked for companies that do, where the network administrator was beyond reproach. A lot of times these are companies that are very functionally driven, meaning if I'm a company that makes widgets, my focus as a CEO is to make more widgets, sell more widgets, make them more efficiently. IT, and especially IT security, is a necessary evil.
Well, IT security will make or break your organization. We'd better start thinking about it as a resource that we want to utilize. At one of the companies I worked at, in all seriousness, the network administrator was extremely talented. He was brilliant. But he was also somebody that was a bit petulant, that was easy to tick off. And if you made him angry, in all seriousness, and it didn't matter what your role in the company was, with very few exceptions, he would lock you out of your account and then he just wouldn't answer his phone. So we had people that had business needs that couldn't be satisfied because somebody had inadvertently offended the IT team manager. And this was at a fairly sizable company; this company had about 200 employees, and I was really shocked. But what happens is a business that's more functionally focused doesn't want to deal with IT. So we hire a network guru, so to speak, and we put all our faith in them. They must be audited just like anybody else, and honestly more so than anybody else, because they have the most opportunity to abuse those privileges. Okay, so your network admins, these are the people that should be more concerned with pushing out updates, patches, managing bandwidth, the creation of accounts, whereas the security admins ought to be the ones stepping behind them and monitoring this.
Finance. Finance is important. Your chief financial officer needs to be on your side. What in the world does a CFO have to do with security? Because he's the one that signs the checks and approves the budget. So what we find is this is a very important person to have on your side.
Now, stakeholders. Stakeholders are the people that are affected by the business, and in any sort of project that we maintain there are always various people that are affected. We need to identify our stakeholders, and we need to work with them to make sure that we're meeting the requirements. Remember, what we're most concerned about as IT professionals, as security professionals, is that my role is to support the organization's long-term goals, to help my company get to where we want to be in five years. So knowing who our stakeholders are and working with them closely is important.
HR, and by HR you could also add legal. These are really important departments that are to be involved when we're looking at policy. You know, what has to happen? What happens if we find illicit material on one of our employees' workstations? Better ask HR; we want to handle that well. I suspect an employee of having some sort of illicit activity. Can I just install a keyboard logger on their system? And let me tell you, that's a surprisingly complex question. It's rarely a matter of "sure you can" or "no, you can't." There are a lot of things that have to happen in order for you as an organization to infringe upon an employee's privacy. Ask HR. Consult legal. You need change control processes in place. You need processes to deal with employees in place, and managers need to know, if there's something that isn't documented and the situation has arisen, where do I go? Usually it's HR or legal.
An emergency response team. This must be a team that's named ahead of time. And when we talk about an emergency response team, you may also hear "incident response team." What are we going to do in the event of an emergency? Maybe a fire, or some need to evacuate the business, the building. An incident response team: how do we respond to cyber incidents on the network? This is something that can't be done on the fly. We don't just make up the rules as we go along. We talked a little bit about evidence collection back when we talked about forensics, and it is so easy to modify evidence through collecting it that we have to be exceedingly careful. For the steps that we follow to do that, we need procedures written. Maybe we don't have the skill to do that in house, so our written policy says: call this number, call this expert, isolate the system, don't allow anybody to access it. If it's an active attack, contain the damage. Be careful with how we contain the damage. Powering off a system will stop that system from being attacked, at least through the network, but it will also erase all the evidence, so disconnect from the network as opposed to powering off the system. Our users need to know that information; it needs to be documented. What most users need to know is who's on the incident response team and how to contact them in the event of an attack.
Facilities manager. These are the folks that control access to the facilities. A lot of times they work very closely with the physical security manager. With facilities, things like HVAC, water, those sorts of issues would be directed at the facilities manager. Physical security manager, and a lot of times these two go hand in hand: what to do for physical security breaches? What type of monitoring do we have in our building? But the bottom line is you'll notice all these distinct roles, all these distinct functions. We don't have a security admin, we don't have a network admin; we have many people within our organization responsible for various roles, and our network admin is really a network admin team with roles divided out across the team. Same idea with security admin and the other roles: separation of duties, and making sure that we enforce the principle of least privilege so that no one has too many rights or permissions.
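As an added illustration that is not part of the lecture, here is what the security admin "going behind" the network admins and auditing them could look like in code: an audit pass over a constructed log of privileged actions that flags undocumented changes, the lock-out-everyone scenario described above, and anyone holding both the change role and the audit role (a separation-of-duties conflict). The role names, ticket ids and log entries are assumptions made for the example.

```python
"""Added example (not from the lecture): a security admin's audit pass over
network-admin activity, implementing the checks-and-balances idea.
All log entries, ticket ids and role names below are constructed."""
from collections import Counter

# Constructed sample of privileged actions, as a network admin team might log them.
ADMIN_LOG = [
    {"actor": "nadmin1", "action": "create_account",   "target": "jsmith",    "ticket": "CHG-101"},
    {"actor": "nadmin2", "action": "install_software", "target": "srv-db-01", "ticket": "CHG-102"},
    {"actor": "nadmin1", "action": "disable_account",  "target": "ceo",       "ticket": None},
    {"actor": "nadmin1", "action": "disable_account",  "target": "cfo",       "ticket": None},
    {"actor": "nadmin1", "action": "disable_account",  "target": "hr_lead",   "ticket": None},
]

# Constructed role assignments: 'network_admin' changes the network,
# 'security_admin' audits those changes. One person must not hold both.
ROLES = {
    "nadmin1":  {"network_admin"},
    "nadmin2":  {"network_admin", "security_admin"},  # separation-of-duties conflict
    "secadmin": {"security_admin"},
}


def find_unticketed(log):
    """Privileged actions with no change-control ticket: the 'isn't documented' case."""
    return [e for e in log if e["ticket"] is None]


def find_lockout_bursts(log, threshold=3):
    """Actors who disabled at least `threshold` accounts with no ticket,
    the petulant-admin scenario from the lecture."""
    counts = Counter(e["actor"] for e in log
                     if e["action"] == "disable_account" and e["ticket"] is None)
    return sorted(actor for actor, n in counts.items() if n >= threshold)


def find_sod_conflicts(roles):
    """Anyone who both makes changes and audits them provides no checks and balances."""
    return sorted(u for u, r in roles.items() if {"network_admin", "security_admin"} <= r)


if __name__ == "__main__":
    for e in find_unticketed(ADMIN_LOG):
        print("no ticket:", e["actor"], e["action"], e["target"])
    print("lock-out bursts:", find_lockout_bursts(ADMIN_LOG))
    print("SoD conflicts:", find_sod_conflicts(ROLES))
```

The point is that these findings are produced by someone other than the people who made the changes; the auditor's read-only view is the least-privilege counterpart to the network admins' change rights.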