Strengthening Security

Windows Weekly is one of my favorite podcasts. Recently it has added a new co-host of Richard Campbell. He also has his own podcast at RunAsRadio. Of course, I added that to my podcast list.

Jess Dodson was a recent guest on the RunAsRadio podcast.

Here's the synopsis of the podcast:

How do you improve the security of your organization? Richard talks to Jess Dodson about the current security environment we're living in and what you can do to improve your security posture. Jess talks about how breaches happen and what you can do to detect them early before things get worse. The conversation dives into getting more resources - in most cases, improving security means having the time to work on preventative measures, like implementing multi-factor authentication, security information and event management, and setting up Just Enough Administration. And you need the time to review the activities in your network to let you stop a breach before it turns into something worse!

It's well worth your 40-odd minutes.

But Jess had a couple of points that I want to emphasize.

At 21:34 she says:

You've not backed up if you haven't tested your restore.

I hope I'm preaching to the choir on that one. Here's an earlier post of mine.

And then at 33:15 she says:

[Limit] the blast radius of what they have access to do is as restricted as I can make it without limiting business.

I think that is an excellent way to explain to management the objective.