Over the past few weeks, I've been talking about how failure, in broad terms, affects our roles. Most of our discussion has focused on a mistake that causes an outage. However, I'm honestly surprised that no one has asked this question: "Why are you posting this in a security-related forum?" Today, let's wrap up this discussion and answer that question.
Many large organizations have a dedicated security team: the team who deals with IDS, perimeter protection, antivirus, patch auditing, and the list goes on. Sometimes, such specialization can result in engineers and administrators with a blasé attitude toward security. We forget that security is a part of every task that we complete. Ignoring these security requirements is a form of failure. An undocumented exception to a security policy is a failure, even before it becomes part of a security breach.
We've all read reports of major hacking or security exploits in a large organization. While digging through the details, one is often astounded by the number of different ways that the attack could have been detected or rebuffed. Each open port, non-essential service, or open access rule demonstrates how often we forget that we are all part of the security team.
One final thought: the first week, we recognized the simple truth that we all make mistakes. The more important aspect of our personalities and careers is how we respond to that failure. The same goes for security-based failure. An organization must do penetration testing and security audits. These audits should be problem- and resolution-focused, not a game of Clue. Knowing that Jim Bob killed security with an ACL in the core router doesn't fix the incorrect ACL; rather, repeated mistakes should be identified and used as training opportunities for the affected team.
How does your organization handle security? Are you part of the dedicated team? Does your organization regularly audit the internal systems?