A Solid Baseline; PowerPoint Melvinisms; Renewal Plan; more

Baseline Security
What is the best way to get some solid baseline security information at minimum cost (in other words, where we stand vs. where we should be)? Perhaps MBSA, port scanners or Microsoft best practices? What about the rtr/switch side? We’ve done multiple things at my company, but I’d appreciate any input.
—Name withheld upon request

Have time to listen to a long rant? Seriously, there’s no shortcut to a solid baseline. A good approach would be an internal audit by an IT-knowledgeable auditor. Many excellent financial auditors have little understanding of IT. The auditor must know IT and be up on the latest generally accepted security standards on the operating systems, applications and infrastructure that you have. The reason I say use an auditor is because you get the benefit of someone who’s not on your IT staff.

All of the things you mention are good starts and cheaper than hiring an auditor. If the scope of your assessment is just Microsoft operating systems, and you don’t know or have IT-knowledgeable auditors, then, yes, the documents on security operations are a good place to start. They can also provide security templates that you can use in Security Configuration and Analysis to get a reading on how you match up to Microsoft’s suggestions. But, ultimately, the question of where you need to be is a lot more than just looking at the Microsoft recommendations.

I get asked this question a lot, and I plan to have a partial answer in an upcoming Security Watch newsletter. (You can subscribe at MCPmag.com.) Let me know how you make out.
—Roberta Bragg

PowerPoint Melvinism
I just read April’s “Call Me Certifiable” column, “How PowerPoint Is Like Melvin.” As an instructor at a technical college, I find the use of PowerPoint presentations very useful in my classes. It takes all kinds of teaching aids to keep the students’ attention. Some are more visual learners than others. I’d be lost without it.
—Ken Scheler, MCSA/MCSE Instructor
Waco, Texas

This is the guaranteed cure for PowerPoint Melvinism: http://www.apple.com/keynote/.
—Eric Silberman, MCSE: Security, CCNA
Bethesda, Maryland

I’ve worked with an environmental engineering firm for the past 10 years, and I’m a content PowerPoint user. In fact, I got my boss to buy a projector in 1996 so that we could make dazzling presentations to win more contracts—and it was hugely successful. There were times we dealt with regulators while representing our clients and were able to better explain our approach, often innovative and outperforming the “prescribed” state methods, using animations in PowerPoint.

Believe me, the only way they can take PowerPoint away from me is by prying it from my cold, dead hands.

However, I don’t doubt that there aren’t enough people qualified to deal with PowerPoint. An amateur can easily screw things up for me and not realize it. I’d wholeheartedly support the idea of having a PowerPoint Design Certification.
—Richard Brklacich
Huntington Beach, California

Did I neglect to mention that I, too, am a content PowerPoint user? Oh, not so much lately, but in my salad days, I used to teach training courses to developers, and the PowerPoint slides anchored the day. One key, of course, is to make sure that the slides guide your presentation rather than just reading them to an increasingly sleepy reader.
—Em C. Pea

The Real Motivation Behind Outsourcing
Europe has been living with the outsourcing situation for some years already, but for different reasons perhaps than the U.S. Many of our IS/IT managers don’t have the will to make IT decisions, because they fear for their own positions in doing so. It is easier to buy from outside and have someone else to blame when things go wrong instead of taking charge of a situation.

So, even if a Microsoft LAN/WAN infrastructure is heavily implemented throughout most European companies—and the fact that those technologies can cover both simple and complex needs—politics will often decide what they do. Often, MCPs find themselves unable to utilize much of the built-in functionality because IS/IT managers will decide to buy from several different providers.

But, it would be unwise for any business to outsource services and decisions concerning infrastructure. They should have their own qualified resources—helping them in analyzing, planning, testing, and deployments—ensuring the best possible platform to work on (both for productivity and security matters).

Few other than Microsoft Certified Professionals can accomplish this objective.
—Baard Erlend Schoyen, MCSE

Renewal Plan
I recertify based on needs at work. As we are a Microsoft shop, change is constant, and so are Microsoft exams. I find the study/upgrade process a kick in the rear to make me learn the product more deeply than I would otherwise, so I keep playing the game. (It helps that my employer picks up the cost.) I also enjoy the jokes that my co-workers make about my being the certification poster boy. I wouldn’t learn the breadth of the products if it weren’t for certification, so it works for me.
—Bryan Colombo, MCSE, MCT
Colorado Springs, Colorado

Sounds like you’ve got the right idea (or at least the same one that Auntie has, and that’s the same thing, right?). Over the long run, the certifications that mean the most—and that contribute to your professional pride—are those that actually reflect your knowledge.
—Em C. Pea
