![]() I tend to beat up the control implementation and process management team(s) while I find a hole in the often poorly-written controls and wait for them to get things right. ![]() You make it hard, they find a way around it, instead of follow the process. They feel the need to start slamming doors shut with the assumption that removing access and making processes difficult to get the access they need so they can encourage people to only ask for things they absolutely need is a bad idea for one reason above all else. ![]() Ask yourself, how many times can that work before it is revenue impactful and someone who cares gets wise on it? ![]() The number of entities who have paid ransoms and not reported to the authorities in the last year alone is staggering. The problem is that instead of approaching the problem pragmatically, IT and Security leadership have a lot of downward pressure from their bosses to stop successful attacks, completely. Limiting it further to accounts with privileged, managed access credential sets is important. Limiting who has permission to use performance and utility tools to people who need that access makes sense. The likelihood that Wireshark was the iceberg that sank your Titanic is pretty low. Wireshark can be a portable application, which means if someone has established persistence inside of your networks, how they got in is much more important than the tools they can access, and you therefore have MUCH bigger issues to worry about. If someone got into your networks, it doesn't matter how good of a job you did. I understand the urge for an organization to take broad strokes to triage their situation, but lets face it. For questions about this status, to request a user flair, or if you think that these users have violated this subreddit's policies, please message the mods. This allows subscribers to ask them questions about their areas of expertise while ensuring transparency. security product manufacturers and service providers) to disclose their affiliation. We ask all users with a potential conflict of interest (e.g. Need help with a computer security problem?Īre you looking for a job or looking to hire someone?Īre you looking for home defense and security systems (alarms, CCTV, ect)?Īre you a security guard or physical security professional?Īre you here to post an advertisement or spam? This subreddit is oriented towards computer security professionals Want to share information or resources? Message The Mods to find out how! You would rather build a relationship with the /r/CyberSecurity community than get banned! Please message the mods before posting links to your own projects or if you have any questions about the advertising policiesĭo not post personally-identifiable information, unless the source has consented to it. Such posts will be heavily monitored and comments may be locked as needed. Posts discussing political issues that affect security are fine, but the post must be geared towards the security implication. No editorializing and no political agendas. This is the guiding principle for all posts. No fundamental security questions or tech support requestsīasic questions on security concepts and fundamentals and requests for tech support are not appropriate for this subreddit. Posts related to burglar alarms, weapons, and similar concepts are not appropriate for this sub. This is not a general security subreddit. Must be relevant to security professionals For example, "why passwords are important" is too fundamental. "This security forum is oriented towards private white hat security professionals." If a post has very basic information, it is not appropriate for this sub. Please note, the 'old' Reddit is no longer kept up to date. ![]() This security forum is oriented towards private white hat security professionals. To see the current sidebar and rules you must view them on new reddit. NOTICE: This sidebar and rules are no longer being updated. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |