Security Policy A Paper Tiger.

The article highlights problems encountered by the author as a result of routinely ignored computer security policies. The installation of unauthorized application processors (AP) has been a continuing problem, so when he detected one the other day, he was not surprised. He called the network engineering group and gave his device's media access control address and location, thinking that they could log into the switch that was serving the location, look up his MAC address, identify the port and trace it to a specific wall jack. In the past, the author has successfully identified rogue AP in this manner. However, in this instance, the group was not able to find his MAC address. So he tried using AirMagnet's Find utility, which works as a signal-strength meter to help locate the AP. It worked like a charm. He could see the AP sitting right on top of an employee's monitor. A few weeks back, in the aftermath of a SQL Slammer outbreak, a manager proposed that the author's group take on incident-handling and remediation issues. The author discovered that information technology security is not the only group with a written incident-handling policy. To rectify that, the author wrote a single-page incident-protocol document that outlines the main steps all departments should take when responding to an incident. The author focused on four areas: preparation, identification, response and containment. Although they are getting better at responding to incidents, common problems arise. One is that no one wants to take charge. Another problem is that there is always confusion as to who should conduct certain activities. Hopefully, by creating a common incident-response protocol and ensuring that everyone is on the same page, responses to all events will become standardized, and incident management will become a routine aspect of doing business.