It's also good that our IT administrators have a pretty good hardening standard for their Windows and Unix systems, and they seem to be applying it uniformly. Account management is being done fairly diligently, although it could use some improvements, especially in the area of terminations and deprovisioning. Administrative access could use some fine-tuning as well; currently, everyone's an administrator, and there are many shared passwords in use. I'll definitely want to address that.
Overall, I would rate this environment 7 out of 10 in terms of general security practices. My first priority will be to start making small, incremental improvements in the current practices to make things better and introduce more maturity and consistency into the environment. This is a new challenge for me, one that I hope will be fun and exciting as well as successful.
This piece was written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. You can get him at firstname.lastname@example.org.
Sign up for MIS Asia eNewsletters.