Previously on "IT Security and Introducing ideas way outside a Client's comfort zone"

  • Boney M
    replied
    I think the individual examples given above that you can demonstrate should make it easier for them to understand. Drawing information from any support calls will also show how much time across the board they lose. Explain the fact it can be easily administered as demonstrated earlier.

    I would have thought at some point even the fellow colleagues being IT orientated must have come across roles/groups, it is applicable in most technologies now in one form or another.


  • xux42
    replied
    Thanks for useful response. Some quantification of the current cost and future benefits is a very good idea.


  • smatty
    replied
    Can you work out how much time they will waste setting up x hundred/thousand individual accounts and demonstrate how much money they will save by using a suitable set of groups instead?


  • vetran
    replied
    Draw up two new user forms, one with 200 separate boxes for all rights and one with 10 profiles. Ask them which one they want to fill in when a new user joins or someone moves.

    Then show how templating can save effort.

    Run a report for all previous helpdesk calls where people were given the wrong rights and couldn't work.

    Do they need to conform with SOX? In which case how do they audit?


  • SussexSeagull
    replied
    Propose what you think is the best solution for the client and let the cards fall as they may.


  • eek
    replied
    Originally posted by xux42
    I'm going to set up some presentations to explain the concepts as best I can, but I just wondered if anyone had thoughts on moving people from a primitive mess to best practice when there is political will, but little insight.
    1) Good luck
    2) you are a braver man than me
    3) Jobserve is --->


  • IT Security and Introducing ideas way outside a Client's comfort zone

    I'm just about to start working with 2 permies on an application security project. Right mess at the moment with 2 separate security repositories developed in isolation from each other and all the security rules embedded in the apps. Totally userid-centric with no concept of roles/groups. Every user has a profile slightly different from every other user. Maintenance horror story.

    So much to improve and Client is keen so that's all good.

    Trouble is the only other guy who comprehends when I start wittering about a decoupled security subsystem, native security facilities of the OS, role based design etc. is a freelancer working on another project. It's blank looks all round from the guys on the project - one of them is the guru on how the current security 'mechanism' works.

    I'm going to set up some presentations to explain the concepts as best I can, but I just wondered if anyone had thoughts on moving people from a primitive mess to best practice when there is political will, but little insight.
    Should just add that I am not a security expert so I'm a little nervous about all this. I do have 20+ years of working in environments with very good IT security implementations and management though.
