Knowing Yourself

Knowing Yourself

In respect to information security, knowing yourself and your enemy is not necessarily a straightforward endeavor if it were, networks would be much more secure than they are today. To know yourself, you must do the following:

• Accurately assess your own skills.

• Possess detailed documentation of your network.

• Understand the level of organizational support you receive.

Accurately Assessing Your Own Skills

The skill set of a network administrator should include formal training on operating systems and applications; experience designing, installing, and configuring networks and network services; and the ability to predict problems before they occur and solve them when they do. To prevent design and configuration mistakes that can lead to security breaches, you must be able to accurately assess your network management skill set. Overestimating your knowledge of a network, operating system, or application can easily lead to vulnerabilities that attackers can exploit. Accurately assessing your skill set enables you to be proactive in obtaining training and acquiring the services of experienced consultants if the situation requires it.

For example, you might be asked to install and configure an Internet Web server for customers to access their order history on a Web application that your organization is deploying. Although you might be an experienced MCSE who has installed and configured intranet Web servers, you might not have any knowledge or experience with Internet Web applications or configuring servers that have direct Internet connectivity. By not accurately assessing your skills, you could easily and unwittingly expose customer information to attackers and not realize it until the information has already been compromised.