Skip navigation

Monthly Archives: September 2012

You’ve just completed writing you information security policy and within that policy you place the “cut-and-paste” standard statement that indicates what the consequences are if the policy is violated.  This statement, which normally reads “Failure to comply with this policy will result in disciplinary action up to termination if severity of non-compliance dictates” is a very broad statement.  Such a broad statement can lead to those “grey areas” where employees don’t understand the boundaries specific repercussions for policy violation.  This is where more specific documented guidance would be beneficial to your organization and its employees.

Whenever you are dealing with the human aspect of an organization, it is best to look to you human resource department and if possible, your legal department to see what does and doesn’t violate your company rules as well as state and federal labor laws.  A good disciplinary policy always follows a hierarchy of severity.  This allows for personnel to make mistakes and learn from their mistakes without affecting their career.  Let’s face it, we are all not perfect and everyone makes a mistake once-in-awhile so establishing a policy where employees are dealt the most serious disciplinary action for their first offense is going to result in a hostile work environment.  My suggestion is to instead, have a policy where disciplinary action levels of severity increase and are dictated by offense and number offenses.  Here is an example of a hierarchal discipline structure:

  1. Letter counseling from management – provides feedback on what they have done wrong and how it violates policy.
  2. Letter of reprimand – Employee is warned and official notice is included in their personnel file.  Also, action will have a negative consequences when it comes to performance reviews and promotion
  3. Privileges revoked for a certain period of time provided that they are not critical to individual’s job function.  Also recommend remedial training to address policy infraction
  4. Suspension without pay – Used for multiple infractions and based on severity of violation.  Employees would be suspended for a period of time without pay.
  5. Termination – Self-explanatory Need to make sure all options have been utilized/documented and employee rights are not violated.  This is where HR and Legal would get involved

Of course, this is only an example of a hierarchy disciplinary action plan instead of the generic disciplinary statement typically seen within a security policy.  Each organization is going to be different and it is best to tailor a policy that fits your needs as well as the needs of management.


     I recently came across an interesting article on the FBI’s web site in regards to a new malware that seems to be growing in popularity by holding an unsuspecting victim’s computer for ransom.  The ransomware, known as Reveton, freezes your system and then brings up a window indicating that your IP address has violated United States federal law by participating in an illegal activity such as child pornography, illegal downloading, and or distribution of copyright content.  According to the FBI, some versions of Reveton even “turn on computer webcams and display the victim’s picture on the frozen screen.” The pop-up window goes on to say that if you want to unlock your computer, you are instructed to pay a fine upwards to $200 via a prepaid credit card or a payment service.  The geographic location of the victim’s IP address determines what payment services are offered within their area and in some cases, the pop-up window will even include a code entry box for payment.

According to the Internet Crime Complaint Center (IC3), this is one nasty virus to remove and sometimes the malware you think you have eradicated continues to operate to commit online fraud. There a few ways to remove this virus and those methods can be found on the Internet by doing your research.  That is of course if you can still access the Internet.

Stay safe and be vigilant!

As a person functioning in some sort of IT capacity you probably already have a certification from an organization like CompTIA, CISCO, Red Hat, or Microsoft.  These field specific certs are an excellent way for you to “prove” that you are fluent within those areas and are an excellent tool for career advancement.  One certification that is not in that list of notable IT certifications but is gaining popularity within the field is project management certification.  Project management certification has been around for a long time but until recently, it has not been on the radar of any techie for career advancement and placement.

According to Bureau of Labor Statistics for the U.S. Department of Labor, job outlook for information system managers who have project manager credentials is expected to grow by 18% compared to 14% for those project managers not operating in an IT environment. Also, out of the 15 advertisements for IT project manager jobs currently listed on job board, 11 require or prefer some sort of project management certification. With the increase requirement for certification, many schools have started designing project management programs specifically for the information technology manager.  Although there are many training programs available, only those recognized by the Project Management Institute (PMI) as a Registered Education Provider (R.E.P) are eligible to train for the coveted PMI certification.

So, if you want to expand your career beyond swapping parts, writing code, and/or configuring network devices; consider a certification in project management.  A project management certification is an excellent way to set yourself apart from your peers and expand your opportunities.


One tool that needs to be in your security toolbox is a good management program that utilizes the Simple Network Management Protocol (SNMP).  Utilizing network management software to display all of the SNMP data being polled and sent from attached SNMP agents can provide valuable information i.e, high bandwidth/memory utilization.  These valuable network indicators can be good indication of something mischievous going on within your network. Critics will say that SNMP, as a protocol, is not very secure and therefore it is open to a variety of attacks; however, that should not detract from its use as part of a comprehensive event logging and device reporting solution which I can personally attest to.

While working as a network engineer a few years back for the Department of Defense, I finally was able to justify the procurement of network management software solution to be installed onto our network.  This particular system was in place to support the Air Force linguist training and tracking database.  After the initial install and configuration, I completed a required performance baseline to assess the “normal” characteristics of our network.  Using that baseline as a guide, I then setup alert actions to give us a “heads up” should something out-of-the-ordinary happen.  It took some tweaking due to many false alerts but once I finally got it set, it worked like a champ.  A few months later while at home, I received a few text messages from our system.  The text message indicated that the traffic was off the charts on our router directly attached to that server.  This was extremely odd for a weekend.  I immediately remote into the system from home and discovered that our SQL server was running a script utilizing two extensive text files hidden on the server for data input.  One of the files contained common passwords and the other was common logins and the script was cross-utilizing both in attempt to discover our SQL Service Account (SA) password.  Without that network management software utilizing the SNMP protocol, I would have never known about the attack that was taking place until it was probably too late.