Archive

Posts Tagged ‘Security Metrics’

[Chinese] Security Risk Assessment and Vulnerability Remediation

September 4th, 2008

“You have completed a beautiful risk assessment and found many important, critical vulnerabilities. These vulnerabilities, large and small, exist on all kinds of servers and network devices, which are managed and operated by different departments and teams. How do you plan and manage things next to ensure that these vulnerabilities get fixed in time?”
“I would formally report to leadership, then convene a kick-off meeting for vulnerability remediation, work out a remediation plan together with everyone, and then push everyone to complete it.”
“During execution, you find that patches on many servers cannot be applied on schedule and vulnerabilities cannot be fixed on time. The server team and the application team have perfectly good reasons: not enough resources; legacy applications are poorly understood, so nobody dares to patch or reboot them casually; no change window can be obtained; and so on. What do you do then?”
“I would keep communicating, and report to leadership when necessary.”
“Report what to leadership?”
“Report the current progress of the vulnerability remediation: that we have run into trouble and need leadership’s support.”
“Leadership will certainly support you, but exactly what kind of support do you need?”
“I hope leadership will order the systems team to fix the vulnerabilities as soon as possible, or tell us that the risk is acceptable and remediation can be abandoned.”
“If you were the CIO, how would you decide?”
“#¥%@&”

Top 3 security threats?

January 30th, 2007

There is a post at Networkasia on security threats in 2007 that users should pay attention to. They are IE/Phishing/Malware. They are very straightforward in the author’s thinking. Phishing, identity theft and malware are the main concerns of most internet users, while mostly they are due to the vulnerable IE. An easy deduction is that whenever you choose to use IE, you will have to fight against the security threats from phishing and malware. I am not sure if this is the original thought of Scott, while I hope to share with you that IE is not the main reason that you have been caught by some kind of malware or annoyed by some internet theft. It’s due to your security awareness and knowledge. I bet that Firefox, Opera, Netscape and other browsers will encounter the same security threats as IE whenever they reach a similar market share.
