Page 2 of 2   « previous page

Following a more administrative approach to addressing potential risks, systems administrators should consider a configuration management database or CMDB-driven data repository as the starting point. Administrators could actually prevent most of the risks to their IT infrastructures by gaining a complete understanding of details associated with system settings and configuration controls at all points throughout the enterprise. Defining the policy on which an organization builds a "gold standard" of operation without this critical step results in an ineffective reactionary-based trend in enterprise IT security.

 Over the Rainbow
Once administrators have collected that mission-critical data, they can begin to shape an appropriate policy for what should be considered the "gold standard" of operational expectation. Blending the strong integrity of a CMDB-based approach to policy management further capitalizes on the administrator's ability to address the need for pre-emptive control rather than post-event recovery. In a sense, you can't fix what you don't know is broken, but you CAN plan for risks when you know what you have and how it's working before those risks are exploited.

The old axiom that "knowing is half the battle" certainly rings true where your organization's risk management plans are concerned. Organizations can no longer afford to claim "The hole is on your side of the boat."

Page 2 of 2   « previous page