Charged with ensuring the confidentiality, integrity and availability of his company's systems and intellectual property, identifying areas for cost cutting did not come easy for security officer Mathias Thurman. Here are four key cut back areas which he came up with
How often have you heard, "I'm not sure you can do that; there isn't a policy in place?" I hear it too often, because I hate writing policies. And I hate writing policies because at a very engineering-centric company like mine, generic policies don't go over well.
I finally settled on a strategy for wireless security. As wireless access points began appearing on our company's network, we configured them with Cisco Systems Inc.'s Lightweight Extensible Access Protocol. LEAP forces users to authenticate to the access point with their enterprise credentials -- the same credentials used for virtual private network access, as well as services such as payroll and Microsoft Exchange e-mail. That's because we use a centralized directory that ties into most of our core applications and lets employees use a single password to sign on.
Two members of my security team gave their two-weeks' notice this week. Each departed for different reasons. Our most technical security engineer left to start his own company. Our security auditor jumped ship for one of the big consulting companies. It offered him a significant salary increase, more vacation time and the opportunity to build his own team.