I’m sure for a large shop, PCI compliance isn’t as much of a headache. But for a small shop, it is a colossal pain. It is necessary to be compliant, but what constitutes compliance is a broad group of standards that only make sense to those who understand the entire picture. So you need server, networking, point of sale, operations, and personal computer people all shoved into one person. Did I mention that person needs to have a security mindset as well?
I could say I have a security mindset, but I’m not sure that’s true. I used to think we had the most secure system in the world and that we had overbuilt and overdeveloped. I am not necessarily sure that is true anymore. In fact, I know it is not true. I guess that’s why I’m taking the CCNA. The more I know about routers, switches, and how networks operate, the more I’ll know about how to secure such a network.
But the more I find about what I know, the more holes arrive in my theory. I guess I’m beginning to believe the network design we use is based off people who don’t think about security, so now security is becoming an afterthought. It also makes me think that I need to redesign the entire corporate network with security in mind. All it takes is about 70 interviews, a half dozen VLANs and some extensive ACL work. Oh yeah. And rewiring three buildings. Nothing much at all.
So I guess one could see my frustration. But then, it’s my job to fix the problem. It really makes me wonder… is it always like this? Or is it just my company?