
This made me think. What was the root cause of this crap on the gate board? Was it bad hardware, a software bug, a l337 h@x0r or just a stupid user at the terminal? How does one efficiently differentiate between what is a security incident and what is something else? There is no situation that I can presently think of where a piece of code, hardware or a user not performing as expected does not impact the security of an organization. What order of operations should an admin follow when troubleshooting? Should they consider whatever problem is encountered to be a security incident and work backwards from there, or should they consider it just a problem and, until it is proven to be a vulnerability or threat against the company, proceed as if it were security related?
Any thoughts?