Stories by J.F. Rice

Security Manager's Journal: Upgrading, and looking for the best we can afford

Several of the company's security technologies are reaching end of life. It's a new experience for our manager to be improving security measures instead of closing gaps.

Security Manager's Journal: Rights can be so wrong

Windows service accounts used by software are often given domain administrator rights, just because it's quick and easy. That sort of thing rubs security managers the wrong way.

1

Security Manager's Journal: Reining in network accounts

Many accounts exist that aren't associated with individual people, and theyve gotten out of control.

Security Manager's Journal: Getting up to date on expired access rights

Employees come and employees go, but access rights tend to live on long after their departures.

Security Manager's Journal: Ready to hire, but coming up empty

Now that our manager has gotten approval to hire new staff, he can't find anyone eager for the good jobs he's offering. Is infosec management a bubble of prosperity?

Security Manager's Journal: Can an enterprise run its security with Microsoft's tools?

The desktop group is pushing to abandon enterprise-class tools for built-in antivirus, firewall and encryption software from Microsoft. Is that any way to run a business?

Security Manager's Journal: New ransomware attack hurts trustworthiness of Web

When an infection can result from just calling up a mainstream website, malware becomes harder to battle.

Security Manager's Journal: A new look at vulnerability scanners

They've improved, which raises some interesting possibilities for shoring up security defenses.

Security Manager's Journal: Handling zero-days with zero staff

A managed security service might be the answer, our manager thinks.

Security Manager's Journal: Security training on the cheap

With no budget, our manager has to devise a security awareness and training program on his own.

Security Manager's Journal: Information rights management: Magic bullet or dud?

Our manager seeks a way to protect information on a network whose perimeter is blurring in the age of SaaS.

Security Manager's Journal: Time for a mobile-security upgrade

A flood of mobile devices into the enterprise is exhausting available licenses for mobile-device security. But there are great options available today that didn't exist two years ago.

Security Manager's Journal: SOX is out of control

In my last column, I talked about how time-consuming SOX compliance is for companies like mine. Unfortunately, it's about to get worse.

Security Manager's Journal: Shrinking staff, and a time crunch

Today is the last day of the quarter in my company's financial calendar, and that means it's SOX time. I'm wrapping up four quarterly Sarbanes-Oxley Act controls that have to be completed by the end of the day -- reviewing security settings on our financial servers, reviewing the activities of system administrators on those servers, checking for inactive accounts that haven't been logged into in over 90 days, and checking the vulnerability report. SOX activities are remarkably time-consuming.

Security Manager's Journal: When executives want to be above the law

What do you do when your company's executives insist on special treatment that violates your security policy? This week, I ran into this problem.