An Occasional Look in the Rear View Mirror
With two new drivers in my home, I am training them to occasionally look in the rear view mirror of their car as an effective way to increase their situational awareness when driving. What if this principle were applied to the area of hardware and software inventory? Perhaps in the form of a quarterly reminder to consider CIS Critical Security Controls 1 and 2 that called for an objective look at hardware and software that might not be as shiny and new. Intentionally searching for this type of deferred maintenance could very well find unnecessary risk that is imposed on the entire organization.
Some organizations have an interesting approach - for every new tool purchased, two tools must also be retired. What a novel section to include in the business justification for the next new tool. Take a look in the rear view mirror every once in a while - particularly at the area of technology retirement to make sure you don't just continue to increase the collection of tools. Who knows what might be discovered.
What grade would you give yourself in the discipline of technology retirement? Please leave what works for you in our comments section below.
Russell Eubanks
Security Culture for Leaders | Amsterdam | Oct 7th - Oct 11th 2024 |
Comments
Shiny and new often means undiscovered bugs and vulnerabilities while old and rusty usually means sturdy and dependable.
If the underlying tech does not change, then, if it ain't broke...
Just like you teach to use mirrors, not camera's and screens for driving.
Also part of the thinking behind only getting a new tools if it makes 2 obsolete is the same as the thinking for kitchen utensils, if it only does 1 thing then it has no place in the kitchen :)
Anonymous
Jun 11th 2017
7 years ago
Thanks for supporting the Internet Storm Center!
Russell
Anonymous
Jun 11th 2017
7 years ago