One of the primary reasons the aircraft industry has been able to make gigantic leaps in improving safety is the rigorous, complete, and continuous inspections for every component and process related to flying. This is also the most important change that we need to make. When I teach at the SANS Institute, a security research and education organization, I often say, "Who reads the event logs every day?" Some hands go up. I try to memorize their faces and catch them alone at the break. Then I ask them, "What is in the logs? What recurring problems are there?" They usually cannot answer. This book can help you deploy sensors and scanners. An entire chapter is devoted to intrusion detection. Even your organization's software architecture is a security perimeter component, as you will learn in the software architecture chapter.
If you were to ask me what the growth industry in IT was, I would answer that consoles, sensors, and agents to collect and display information would be a strong candidate. Computer systems change rapidly. They are analogous to the barnstormer biplanes that flew around county fairs. When something broke, a blacksmith, automobile mechanic, or seamstress fabricated a new part. We can add and uninstall software in a heartbeat, but when we do, we cannot get back to the place where we were before the change. We need to monitor for change continuously, and until we learn how to do this and rigorously enforce change control, flying in computers will be nearly certain death.