
SANS ISC InfoSec Handlers Diary Blog


Cyber Security Awareness Month - Day 28 - Role of the employee

Published: 2010-10-28
Last Updated: 2010-10-29 16:08:01 UTC
by Tony Carothers (Version: 1)
4 comment(s)

Today’s topic for CyberSecurity Awareness Month is the Role of the Employee. Almost everyone reading this today will create some form of stored data which is significant to them. Such is the role of the user. And, basically, every employee with an IT system is a user of some form or other. Recently I had the opportunity to discuss a very similar topic with some friends at www.eitc.edu. The discussion centered on personal responsibility with regard to security. This was a very productive discussion that yielded many of the same questions and conclusions I will discuss today. The role of the employee is essentially the role of the user, which always led to 3 questions:

“What data have I produced?”

“How do I get this data back, so I may continue, when all else fails?”

Once you have addressed these questions for the data you have created, whether 2 presentations or 200 emails, you will find the long road ahead much easier. The third question is a bit more difficult, and is a topic for another day…

“What data, other than my own, am I ultimately responsible for today?”

I would like to talk about the first 2 here a bit more. Of course, discussions or comments are always welcome and encouraged.

“What data have I produced today?” This question hopefully leads everyone to ask a number of questions about backup, restoration, and possibly even continuity of operations with regard to their jobs and data. One common question is “How do I keep going after a (insert disaster here, e.g. fire, flood, etc.)?” If you are reading this, then most likely you create some form of data each day, in both your professional and personal life. In the workplace this may be several proposals or presentations. In the home, it may have been a weekend of pictures downloaded to the home computer. So what happens when the workplace is flooded? Or, God forbid, there is a fire in the home? Is the data created on a computer any less priceless than the letters from 2 years ago? No. You would hopefully plan for and protect these electronic artifacts the same as you would the physical artifacts.

“How do I get this data back, so I may continue, when all else fails?” To completely answer this question, question number 1 has to be answered first. Essentially, once you have identified who is responsible for backup and restoration, ask the question “Where is my data, so I can get it back when everything else fails?” Sometimes this is a question we have to ask of ourselves about personal data we’ve created, in the form of contact lists, email archives, and personal data. In the data realm we are producers, provisioners, consumers, and sometimes all three. Anyone in the role of the first two needs to understand completely the role they play in today’s CyberSecurity world.


tony d0t carothers at isc d0t sans d0t org
