CIS 608 Information Security Blog

In an ideal world security controls should integrate seamlessly with business strategy and through policy and procedure support operations.  In reality however  security controls often disrupt operations. From a user perspective an Information Security Department is simply a group of people sitting behind computers all day saying “no” to everyone. Although that is sometimes the case (“no” is a common word in their vocabulary from what I have seen), there are reasons behind it.   This week I want to share a story of how a change in policy and procedure by one security department, disrupted current operational workflow in another. Our AV engineering team works with integration vendors to build out the videoconferencing infrastructure through our offices. One day our director of security decided this  vendor  had too many badges assigned to them and wanted to reel back access to physical locations by limiting the badges to 2.    The reasonin...

As you can clearly tell from my previous posts, I am a big fan of automated controls. This week I want to share with you a story of a recent computer upgrade. I had an old 2013  Macbook  Air. Our Desktop Engineering team was tasked with rolling out the new OS, Mojave, to all outdated Mac systems. Now my Air was a test Mac I got years ago and never really had much need to upgrade. Through automated controls, specifically a tool called Casper JAMF, our Desktop  Eng  team was able to tell that my Mac was outdated and needed an upgrade.   They reached out to me, set up a time to update, and realized that the hardware was simply too old for the new OS. To accommodate they initiated an update procedure. A new  MacbookPro  was imaged, updated, and given to me. They jumped the gun when they distributed it to me in production however and the disk encryption,  FileVault , was not completed before it left the secured image lab. Once again, the JAMF s...