
When Policies that have 'Always Worked', Don't or 'The Mask of the Code

Published: 25 Nov, 2001
Created by: Rich Parker

In a small organization, the pursuit of a secure and virus-free computing environment can be a challenge for those of us who must wear many hats. As Director of Engineering for a statewide public radio network, I am responsible not only for our broadcast studios and five transmitter facilities but also for the oversight of a growing network of office computers, networked audio file servers, and web/email/file servers. To assist me in maintaining this conglomeration of technical equipment I have one broadcast engineer and an engineering associate; a critical part of the engineering associate's work involves monitoring the updates of virus signatures on a weekly basis and verifying that users are complying with company policies regarding acceptable software packages for company use. The scenario I will describe in this paper outlines a failure of our 'human systems', due to a limitation in our thinking about our procedures, that could easily have had catastrophic results. What I will describe is a situation regarding one particular software package, but I hope the principle it illustrates will serve as a warning to those of us who may have let our past successes lull us into a sense of complacency regarding the security of our networks.