An Occasional Look in the Rear View Mirror

Published: 2017-06-10
Last Updated: 2017-06-10 13:01:52 UTC
by Russell Eubanks (Version: 1)
2 comment(s)

With two new drivers in my home, I am training them to occasionally look in the rear view mirror of their car as an effective way to increase their situational awareness when driving. What if this principle were applied to the area of hardware and software inventory? Perhaps in the form of a quarterly reminder to consider CIS Critical Security Controls 1 and 2 that called for an objective look at hardware and software that might not be as shiny and new. Intentionally searching for this type of deferred maintenance could very well find unnecessary risk that is imposed on the entire organization.

 

Some organizations have an interesting approach - for every new tool purchased, two tools must also be retired. What a novel section to include in the business justification for the next new tool. Take a look in the rear view mirror every once in a while - particularly at the area of technology retirement to make sure you don't just continue to increase the collection of tools. Who knows what might be discovered.

 

What grade would you give yourself in the discipline of technology retirement? Please leave what works for you in our comments section below.

 

Russell Eubanks

ISC Handler

SANS Instructor

@russelleubanks

2 comment(s)

Comments

It's not as simple as looking at things that are "not shiny and new"
Shiny and new often means undiscovered bugs and vulnerabilities while old and rusty usually means sturdy and dependable.
If the underlying tech does not change, then, if it ain't broke...

Just like you teach to use mirrors, not camera's and screens for driving.

Also part of the thinking behind only getting a new tools if it makes 2 obsolete is the same as the thinking for kitchen utensils, if it only does 1 thing then it has no place in the kitchen :)
Great point - not just the old hardware and software are candidates for technology retirement.

Thanks for supporting the Internet Storm Center!
Russell

Diary Archives