Thursday, January 13, 2011

Who was it?

Hi Guys,
This week has been pretty good so far, I've spoken with very interesting people and learnt a few good things.
Today in the morning, I got an article from the BCS about the public sector and security. At first, it looked pretty average, just explaining the usual topics that relate to security when any company is downsizing (really old word, I know..) in search of efficiencies and cost reduction, as much as the UK government is doing now.

So, what did I find so interesting? Well, we have been reducing, looking for efficiencies, cutting costs and spending again around the globe for... well, forever!! So, what have we learnt that we could re-use? Who was the security guy that looked after the warehouses in the big crisis around 1920 that provided a secure place for the goods even though he lost half of his security guards? How did he manage? Or should the question be, did he actually manage to do it?

So, as we (yes, me and half of the world population) say, google it! Check if you can find something... so I did... and I did, and I checked again... and then I realised that my weak and silly brain was not going to get the right search phrase to get me the results... Therefore, as one of my ex-colleagues and good friends used to say, "if you cannot find it all, just guesstimate!"

Let's pretend that there was a group of security personnel in the banks in the US in 1920, and that they got rid of 60% of their staff due to the crisis... at that time, most of the activities were manual processing and physical security, so what would they have done? Here is my list:

  1. change the locks on the safes
  2. change the locks on the doors
  3. get pictures of all the people that left and identify them every time they came near the bank.
  4. rotate the remaining security personnel (John at the door works near the cashier now, and the guy inside the safe works out at the main door, etc.)
  5. get a risk assessment for each profile of person leaving
  6. advise all the bank service people or staff that provide services to the public of the risk assessment.
  7. try to automate any security changes to minimise people knowing the safe combinations, etc. (for example, without a machine, you could have 2 people each holding half of the combination, so if one of them tries to provide it, the other needs to give the other half, etc.)
And I'm sure there are loads more, but this will come in handy for my comparison.... so then, there have been several other crises around the globe, but have we learnt anything? I think so... at least in concept.

Nowadays we do have a better set of tools, and a much more open environment to discuss these topics (wanting or not, if you don't open up, they will open it for you)... so let's talk about security and technology... and a wee little caveat before I start: "This is not the magic solution, just a brain dump"... so be kind but do comment... ;)

  1. Change the passwords on all critical servers (the safe this time is virtual, so take care of it!!)
  2. Change the passwords of all outside-facing servers and devices (yes, if anyone is trying to get in, they shouldn't have the key already!)
  3. Identify who has left, and you might be able to get a little program monitoring for anyone trying to use those accounts (even though you already cancelled them, destroyed them, etc.)
  4. Give the firewalls a wee refresh, so kick those beautiful firewalls and get them new keys, new algorithms, etc... it is free and very easy to do. Do you have the option to refresh the monitoring systems? Well, check that you are monitoring what you need to, and add a little check for all the users gone.
  5. Assess your risk. Here is the tricky part: nobody can have a full body scan and brain scan to check what they were thinking when leaving, but create a table and define levels of risk... For example, if the guy managing the firewalls leaves the company upset and annoyed with everyone, that might be a higher risk than the CEO of the bank leaving after getting a sweet bonus.
  6. Get a little check on these guys' computers, and advise the ranks that you are adding tighter security methods, even if they are just a batch file checking the logs of the web servers and so on... If you can and have the money, invest in a good centralised monitoring system, with nice reporting features, etc. That will help you loads.
  7. Automate, automate, automate!!! A long time ago, a security expert asked me:
Sec expert: Do you know what causes most of the data breaches?
Me: Curiosity?
Sec expert: Nope, feelings! People get upset with the company and go against them. The second one is curiosity.
Sec expert: And do you know how many feelings computers have?
Me: None!!

Exactly!! None, so automate: the system will not feel betrayed if you do something wrong, and with a good IdM system and a clear role definition you need to annoy loads of people before the system gets any of that... so automate!! That is the best way, computers don't turn against you, humans do.
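To make items 3, 5 and 6 concrete, here is an added example of the "little program monitoring for anyone trying to use those accounts" (this is my illustration, not code from the post or from any product it mentions). It keeps a watchlist of departed accounts with the risk level from the leaver review, scans sshd-style auth lines and web server access-log lines for any use of those accounts, and escalates to "critical" when a departed account actually got in, since that means the deprovisioning itself failed. All user names, hosts, addresses and log lines are constructed for the example.

```python
"""Watchlist check for departed staff accounts (added example, not from the post).

Assumptions: auth events look like OpenSSH sshd syslog lines and web access
events are in Common Log Format with a basic-auth user field. Every name,
host, IP and log line below is made up for the example.
"""
import re
from dataclasses import dataclass

# Constructed leaver risk table (item 5): account -> risk level assigned at exit.
DEPARTED = {
    "jsmith": "high",            # hypothetical firewall admin who left on bad terms
    "ceo_old": "low",            # hypothetical CEO who left with a bonus, no admin rights
    "tmp_contractor": "medium",  # hypothetical contractor account that should be gone
}

# "sshd[pid]: Accepted|Failed <method> for [invalid user ]<user> from <ip>"
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)
# Common Log Format: ip ident user [timestamp] "request" status size
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)

# Constructed sample input mixing both log formats.
SAMPLE_LOGS = [
    "Jan 13 09:01:02 bank-gw1 sshd[2211]: Failed password for jsmith from 203.0.113.7 port 50221 ssh2",
    "Jan 13 09:03:10 bank-gw1 sshd[2230]: Accepted password for alice from 198.51.100.4 port 50230 ssh2",
    "Jan 13 09:07:44 bank-gw1 sshd[2245]: Failed password for invalid user tmp_contractor from 203.0.113.7 port 50240 ssh2",
    '203.0.113.7 - jsmith [13/Jan/2011:09:10:05 +0000] "GET /admin/ HTTP/1.1" 401 512',
    '198.51.100.9 - ceo_old [13/Jan/2011:09:12:30 +0000] "GET /reports/q4.pdf HTTP/1.1" 200 88211',
    '198.51.100.4 - alice [13/Jan/2011:09:13:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


@dataclass
class Alert:
    source: str    # "sshd" or "web"
    user: str
    ip: str
    outcome: str   # "accepted" or "failed"
    risk: str      # level from the leaver risk table
    severity: str  # "critical" if the account got in, otherwise the risk level


def parse_line(line):
    """Return (source, user, ip, outcome) for a recognised line, else None."""
    m = SSHD_RE.search(line)
    if m:
        outcome = "accepted" if m["result"] == "Accepted" else "failed"
        return ("sshd", m["user"], m["ip"], outcome)
    m = CLF_RE.match(line)
    if m and m["user"] != "-":
        # 2xx/3xx means the server honoured the request; anything else did not.
        outcome = "accepted" if m["status"][0] in "23" else "failed"
        return ("web", m["user"], m["ip"], outcome)
    return None


def scan(lines, departed=DEPARTED):
    """Flag every event that touches a departed account."""
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        source, user, ip, outcome = parsed
        if user not in departed:
            continue
        risk = departed[user]
        # A successful login on a cancelled account beats any risk rating:
        # the account was not actually removed.
        severity = "critical" if outcome == "accepted" else risk
        alerts.append(Alert(source, user, ip, outcome, risk, severity))
    return alerts


def accounts_per_ip(alerts):
    """Distinct departed accounts tried per source IP: one address cycling
    through several old accounts deserves a closer look than a single typo."""
    seen = {}
    for a in alerts:
        seen.setdefault(a.ip, set()).add(a.user)
    return {ip: len(users) for ip, users in seen.items()}


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for a in found:
        print(f"[{a.severity:8}] {a.source:4} user={a.user} from={a.ip} ({a.outcome})")
    print("departed accounts tried per IP:", accounts_per_ip(found))
```

On the sample lines this yields four alerts: two failed attempts on `jsmith` (ssh and web) rated high, one on `tmp_contractor` rated medium, and a successful web fetch by `ceo_old`, which is rated low in the table but escalates to critical because the account should not work at all. The per-IP view also shows 203.0.113.7 trying two different old accounts, which is the pattern the "little check for all the users gone" is meant to surface.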

So, have we learnt anything? Conceptually yes, but I think that we are humans (luckily, life would be too boring with only computers around me), and that means that many times we "forget" to apply the simple rules and we end up in a big mess... or we just get stuck thinking about operational, everyday activities and never look into the more important topics that will save us time later... or well, you get the picture...

OK, brain dump time gone, back to work...
