Tim's Weblog
Tim Strehle’s links and thoughts on Web apps, software development and Digital Asset Management, since 2002.
2005-09-02

Time for a stand-down review

Roger A. Grimes at InfoWorld - Time for a stand-down review:

“I propose that one of the best cost/benefit security moves any company can make is to take a step back, review the current security configuration of its assets, and fix the basics before looking into more advanced solutions. Spending a week or two doing this can provide immediate returns, compared with waiting for a three-year payback on an unproven device or solution.

I have to admit that this idea isn’t my own – it’s stolen from the military. For example, every few years the military suffers from a spate of “random” incidents such as, say, airplane or helicopter crashes, accidental weapons fire, or unpredictable cases of post-traumatic stress. When management (the generals, admirals, or commanders) note a spike in such events, they often order a stand-down, which requires the entire affected force to drop all non-essential duties for the entirety of the stand-down period.

Everyone must re-examine current SOPs (standard operating procedures) to see if they need to be modified or, more likely, how they aren’t being universally applied. Either way, after the stand-down review period, the spate of random incidents always seems magically to decrease.”