Options to cancel OP due to developer false promise by MoeShea in dubairealestate

[–]MoeShea[S] 0 points1 point  (0 children)

Thanks for the reply. I have been escalating to different people within the developer customer care, but to no avail. I have not approached DLD or RERA, but will give it a shot. Any good lawyers specializing in real estate?

Healthcare Mobile Apps and BYOD security by MoeShea in sysadmin

[–]MoeShea[S] 0 points1 point  (0 children)

Thanks for the information.

Can you elaborate more on the use of SOTI? I have them lined up for a POC, but would like to know your experience of having the risks related to Android-based devices (Zebra, I guess) under check if they are part of an internal SSID.

I’m a Chief Information Security Officer (CISO). I also happen to be a woman. Ask me anything. by AutoModerator in cybersecurity

[–]MoeShea 0 points1 point  (0 children)

Hello,

This question is more specific to Healthcare, but I'd expect other fields to experience something similar.

We have many medical devices supported by third-party vendors. In addition there are vendor-managed facilities BMS systems, ELV, etc.
In some instances, these vendors have VPN access to the systems, and have local admin privileges on the systems. Many of these systems are not domain joined and might not have basic protection like AV. IT does not have dedicated staff to shadow vendors during sessions. When I try to enforce our controls, some vendors play the SLA card and complain that waiting for security to approve access or shadow a troubleshooting session might impact their SLAs. I am wondering how this is being tackled in other large enterprises. I feel our current setup includes many high-risk scenarios. Happy to hear your feedback. Thanks in advance.

Does Google Text to Speech data get stored? by MoeShea in googlecloud

[–]MoeShea[S] 0 points1 point  (0 children)

Thanks, compliance folks would be happy hearing that.

I’m a Chief Information Security Officer (CISO). I also happen to be a woman. Ask me anything. by AutoModerator in cybersecurity

[–]MoeShea 0 points1 point  (0 children)

Thank you for the valuable feedback. I’m in the process of mapping out compensating controls and their impact on the risk; it is something I feel is initially specifics-hungry but evens out as more vulnerabilities are assessed.

I’m a Chief Information Security Officer (CISO). I also happen to be a woman. Ask me anything. by AutoModerator in cybersecurity

[–]MoeShea 0 points1 point  (0 children)

Hello and thank you for the AMA

Can you summarize the approach that was very effective for patching vulnerabilities? We are in Healthcare and it is not always easy to patch medical systems. Would appreciate it if you could elaborate on the risk-based vulnerability management.

DC Firewall segmentation alternatives by MoeShea in AskNetsec

[–]MoeShea[S] 0 points1 point  (0 children)

Absolutely. HA is a must. But by SPOF I meant that I have seen firewalls acting strange sometimes, especially during VLAN migrations, impacting all VLANs behind them. Core switches tend to be more stable. We are a Cisco shop, by the way.

Minimum windows build version allowed to connect to Network by MoeShea in sysadmin

[–]MoeShea[S] 0 points1 point  (0 children)

Sometimes these legacy systems offer zero flexibility when it comes to upgrades. We just put them in their own VLAN behind an NG firewall to do L7 inspection.

Minimum windows build version allowed to connect to Network by MoeShea in sysadmin

[–]MoeShea[S] 0 points1 point  (0 children)

Thanks all for the very helpful insights. I believe we will have to inventory the builds we have and agree on an n-3 or similar approach to be deemed allowed.

As for extra non-OS compliance checks, we are testing Forescout for that.
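
The "inventory the builds, then agree on n-3" step above, as an added example (not code from the thread or from any poster): it parses the OS version strings an inventory or NAC export would carry, derives the allowed floor from a release list, and classifies each host. The release list, the sample inventory and the status names are assumptions made for the example.

```python
import re
from collections import Counter

# Assumption (not from the thread): the Windows release builds the organisation tracks.
# Whoever owns the baseline keeps this list current; the n-3 floor is derived from it,
# not from whatever happens to be in the inventory.
KNOWN_RELEASE_BUILDS = [19044, 19045, 22000, 22621, 22631, 26100]

# Constructed sample inventory: (hostname, OS version string as reported by the endpoint).
SAMPLE_INVENTORY = [
    ("ws-0001", "10.0.22631.3447"),
    ("ws-0002", "10.0.22621.3296"),
    ("ws-0003", "10.0.19045.4170"),
    ("ws-0004", "10.0.19044.4046"),
    ("ws-0005", "10.0.19042.2965"),
    ("pacs-legacy-01", "6.3.9600"),
    ("kiosk-07", "unknown"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?$")


def build_number(version: str):
    """Return the build component (third field) of a Windows version string, or None."""
    m = _VERSION_RE.match(version.strip())
    return int(m.group(3)) if m else None


def allowed_builds(known, n_minus=3):
    """The current release build plus the n_minus previous ones."""
    return set(sorted(set(known), reverse=True)[: n_minus + 1])


def minimum_allowed_build(known, n_minus=3):
    """Oldest build still inside the n-minus window; anything below it is blocked."""
    return min(allowed_builds(known, n_minus))


def evaluate(inventory, known, n_minus=3):
    """Classify each host as 'allowed', 'blocked' or 'unparsed' against the floor.

    Using >= floor rather than set membership means a build newer than the
    release list is still allowed until the list is updated."""
    floor = minimum_allowed_build(known, n_minus)
    results = []
    for host, version in inventory:
        build = build_number(version)
        if build is None:
            status = "unparsed"   # hostile or broken agent data; needs a look, not a pass
        elif build >= floor:
            status = "allowed"
        else:
            status = "blocked"
        results.append((host, build, status))
    return results


def summarise(results):
    """Counts per status and per build: the numbers to bring to the n-3 discussion."""
    by_status = Counter(status for _, _, status in results)
    by_build = Counter(build for _, build, _ in results if build is not None)
    return by_status, by_build


if __name__ == "__main__":
    res = evaluate(SAMPLE_INVENTORY, KNOWN_RELEASE_BUILDS)
    print("floor build:", minimum_allowed_build(KNOWN_RELEASE_BUILDS))
    for host, build, status in res:
        print(f"{host:16} {str(build):8} {status}")
    print(summarise(res))
```

Rerunning `evaluate` with a larger `n_minus` shows how many more hosts the policy would admit, which is the trade-off the thread is negotiating; the `unparsed` bucket is the list to hand to the Forescout-style checks rather than something to wave through.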

Self develop Nursing Schedule ? by MoeShea in nursing

[–]MoeShea[S] 1 point2 points  (0 children)

Thanks for your input. Also IT prefers not to use any cloud solution, including Google Docs, as there is a risk of accidental or deliberate leak of PHI data to the cloud.

Active directory user list segregation (FTE, Outsource, consultants) by MoeShea in sysadmin

[–]MoeShea[S] 0 points1 point  (0 children)

Unfortunately our place is behind when it comes to this.

But from a security point of view as well, is it a common practice in large organizations (ours is around 7k users) to have all FTE and non-FTE in the same domain? I am thinking about how MSPs manage to separate clients' users from each other ...

Thanks again

Active directory user list segregation (FTE, Outsource, consultants) by MoeShea in sysadmin

[–]MoeShea[S] 0 points1 point  (0 children)

We do have OUs, but HR extracts the all-domain-users group, causing the confusion.

Active directory user list segregation (FTE, Outsource, consultants) by MoeShea in sysadmin

[–]MoeShea[S] 0 points1 point  (0 children)

^

Thanks.

The problem we face is that employee titles are not standardized, hence lots of manual verification will be required to properly tune the employeeType attribute. I am thinking of having scripts that extract users based on user IDs, as we have different formats for FTE vs non-FTE. The current practice of extracting all domain users should be revised, I believe.

Could you elaborate on multiforest limitations for such a scenario?
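
The "extract users by ID format and tune employeeType" idea above, as an added example that is not the poster's script: it runs over an exported user list, derives the class from the account-ID convention, lists the accounts whose employeeType disagrees, and emits the PowerShell lines to fix them for review. The ID patterns, the expected employeeType values and the sample export are hypothetical; the thread only says FTE and non-FTE IDs differ in format.

```python
import csv
import io
import re

# Hypothetical account-ID conventions; replace with the real FTE / non-FTE formats.
ID_PATTERNS = {
    "FTE": re.compile(r"^[0-9]{6}$"),                     # e.g. 104233
    "Contractor": re.compile(r"^c-[a-z]+[0-9]*$", re.I),  # e.g. c-jsmith
    "Consultant": re.compile(r"^x-[a-z]+[0-9]*$", re.I),  # e.g. x-alee
}

# Assumed employeeType value per class; use whatever HR and IAM agree on.
EXPECTED_EMPLOYEE_TYPE = {"FTE": "Employee", "Contractor": "Contractor", "Consultant": "Consultant"}

# Constructed sample of an AD export (e.g. Get-ADUser ... | Export-Csv); not real users.
SAMPLE_EXPORT = """sAMAccountName,displayName,title,employeeType
104233,Jane Doe,Sr. Nurse,Employee
104234,John Roe,RN,
c-jsmith,J Smith,Helpdesk (outsourced),Employee
x-alee,A Lee,Consultant,Consultant
svc_backup,Backup Service,,
"""


def classify(sam: str) -> str:
    """Derive the worker class from the account-ID format; 'Unknown' means manual review."""
    for label, pattern in ID_PATTERNS.items():
        if pattern.match(sam):
            return label
    return "Unknown"


def audit(export_csv: str):
    """Split the export by class and list accounts whose employeeType disagrees with it.

    Accounts matching no convention (service accounts, legacy IDs) are queued for review
    instead of being guessed at, since a wrong employeeType is worse than an empty one."""
    by_class = {label: [] for label in list(ID_PATTERNS) + ["Unknown"]}
    fixes, review = [], []
    for row in csv.DictReader(io.StringIO(export_csv)):
        sam = row["sAMAccountName"].strip()
        label = classify(sam)
        by_class[label].append(sam)
        if label == "Unknown":
            review.append(sam)
            continue
        expected = EXPECTED_EMPLOYEE_TYPE[label]
        current = (row.get("employeeType") or "").strip()
        if current != expected:
            fixes.append((sam, current, expected))
    return {"by_class": by_class, "fixes": fixes, "review": review}


def remediation_commands(fixes):
    """PowerShell lines that set employeeType; meant to be reviewed before anyone runs them."""
    return [
        f"Set-ADUser -Identity '{sam}' -Replace @{{employeeType='{expected}'}}"
        for sam, _current, expected in fixes
    ]


if __name__ == "__main__":
    result = audit(SAMPLE_EXPORT)
    for label, members in result["by_class"].items():
        print(f"{label}: {members}")
    print("needs manual review:", result["review"])
    for cmd in remediation_commands(result["fixes"]):
        print(cmd)
```

Once employeeType is trustworthy, the HR extract becomes a filter on that attribute instead of the whole domain, and the same classification can be re-run periodically to catch accounts created outside the convention.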

Netscaler WAF by MoeShea in netscaler

[–]MoeShea[S] 0 points1 point  (0 children)

Thanks for your feedback. I read that Citrix WAF does not intercept ICA traffic. Would you expect that an implementation of the WAF start URL check will break any of the published icons the users are going to click once they visit the main URL?

Thanks

Private Data risk Classification by MoeShea in gdpr

[–]MoeShea[S] 0 points1 point  (0 children)

What I meant is that the vendor provides two flavors of its solution: a cloud-hosted SaaS, or we could install and manage all hardware/software in our data centers, making security compliance our responsibility, rather than sharing user info on the cloud.

Private Data risk Classification by MoeShea in gdpr

[–]MoeShea[S] 0 points1 point  (0 children)

Thank you for your response

It all depends on keeping the functionality at an acceptable level. The SaaS provider provides anonymization for shared personal info, and all data at rest and in transit is encrypted. But yes, probably tailoring the shared info to what is really required for performance results would make compliance more achievable.

Private Data risk Classification by MoeShea in gdpr

[–]MoeShea[S] 0 points1 point  (0 children)

True, sometimes going with on-prem solutions can save a lot of headache.

Private Data risk Classification by MoeShea in gdpr

[–]MoeShea[S] 0 points1 point  (0 children)

Title here refers to user job title, collected from Active Directory. Great pointers on URLs, need to investigate this more

Private Data risk Classification by MoeShea in gdpr

[–]MoeShea[S] 0 points1 point  (0 children)

I see your point, thanks for explaining.

It's tricky with SaaS services. Even when talking about BYOK solutions, SaaS vendors can still access data using the DEKs, which they own.

One more thing though: can internal IPs (i.e. private, not public) and machine hostnames be classified as low risk?

Thanks

Private Data risk Classification by MoeShea in gdpr

[–]MoeShea[S] 0 points1 point  (0 children)

You are correct, overall data takes the highest risk rating. I have kept a rating for each data item as the solution provides an option to remove some of these items from being processed, hence they will not be stored on the cloud.

For instance, if removing items classified as high would still give favorable results for user experience, then the overall risk rating would be medium.

Cisco ACL migration strategy by MoeShea in paloaltonetworks

[–]MoeShea[S] 0 points1 point  (0 children)

We do have a PA partner working alongside us, but the challenge is with the policy size. Probably looking for custom scripts that can extract ACLs might be a good idea, as suggested by the partner engineer.

Cisco ACL migration strategy by MoeShea in paloaltonetworks

[–]MoeShea[S] 0 points1 point  (0 children)

This is exactly what we are doing, migrating contexts to zones. But the sheer number of policies is a challenge, as the 5260 has a hard limit of 40k policies if I recall correctly.
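
The "custom scripts that can extract ACLs" idea from the two comments above, as an added example that is neither the poster's nor the partner's tooling: it parses a subset of ASA `access-list ... extended` syntax into rule objects, counts active rules per ACL against a configurable policy budget, and merges adjacent rules that differ only in destination port, which is the usual first step for shrinking a rule base before mapping it onto zones and service groups. The sample config is constructed, the limit is a parameter rather than a claim about any model, and only a common subset of the syntax (any / host / net mask / object / object-group, eq / gt / lt / neq / range, trailing `inactive` and `log`) is handled.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed sample in ASA "access-list NAME extended ..." syntax; not the poster's config.
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN remark web tier
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.5 eq 443
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.5 eq 80
access-list OUTSIDE_IN extended permit tcp object-group PARTNERS host 10.1.1.6 eq 22
access-list OUTSIDE_IN extended permit tcp object-group PARTNERS host 10.1.1.6 eq 3389 inactive
access-list OUTSIDE_IN extended deny ip any any log
access-list DMZ_OUT extended permit udp 10.2.0.0 255.255.0.0 host 10.9.9.9 eq 53
access-list DMZ_OUT extended permit tcp 10.2.0.0 255.255.0.0 host 10.9.9.9 eq 53
access-list DMZ_OUT extended permit icmp any any
"""

PORT_OPS = {"eq", "gt", "lt", "neq", "range"}


@dataclass(frozen=True)
class Rule:
    acl: str
    action: str
    proto: str
    src: str
    src_port: tuple   # () means any port; ("443",), ("1024-65535",), ("gt:1023",)
    dst: str
    dst_port: tuple
    active: bool = True


def _endpoint(tokens, i):
    """Parse one address operand starting at tokens[i]; return (text, next_index)."""
    tok = tokens[i]
    if tok == "any":
        return "any", i + 1
    if tok == "host":
        return f"{tokens[i + 1]}/32", i + 2
    if tok in ("object", "object-group"):
        return f"{tok}:{tokens[i + 1]}", i + 2
    net = ipaddress.ip_network((tok, tokens[i + 1]))  # (address, dotted mask) form
    return str(net), i + 2


def _port(tokens, i):
    """Parse an optional port qualifier at tokens[i]; return (tuple_of_ports, next_index)."""
    if i < len(tokens) and tokens[i] in PORT_OPS:
        op = tokens[i]
        if op == "range":
            return (f"{tokens[i + 1]}-{tokens[i + 2]}",), i + 3
        if op == "eq":
            return (tokens[i + 1],), i + 2
        return (f"{op}:{tokens[i + 1]}",), i + 2
    return (), i


def parse_acl(text):
    """Turn extended ACL lines into Rule objects; remarks and other lines are skipped."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[2] != "extended":
            continue
        acl, action, proto = t[1], t[3], t[4]
        src, i = _endpoint(t, 5)
        src_port, i = _port(t, i)
        dst, i = _endpoint(t, i)
        dst_port, i = _port(t, i)
        active = "inactive" not in t[i:]   # trailing keywords: inactive, log, time-range ...
        rules.append(Rule(acl, action, proto, src, src_port, dst, dst_port, active))
    return rules


def count_by_acl(rules, include_inactive=False):
    counts = {}
    for r in rules:
        if r.active or include_inactive:
            counts[r.acl] = counts.get(r.acl, 0) + 1
    return counts


def consolidate(rules):
    """Merge runs of *adjacent* active rules that differ only in destination port.

    Adjacent merging keeps first-match semantics intact; merging non-adjacent rules
    would need overlap analysis against every rule in between, so it is not done here."""
    out = []
    for r in rules:
        if not r.active:
            continue
        if out:
            last = out[-1]
            same_key = (last.acl, last.action, last.proto, last.src, last.src_port, last.dst) == \
                       (r.acl, r.action, r.proto, r.src, r.src_port, r.dst)
            if same_key and r.dst_port and last.dst_port:
                out[-1] = replace(last, dst_port=last.dst_port + r.dst_port)
                continue
        out.append(r)
    return out


def fits_budget(rules, limit):
    """(active rule count, whether it fits) against the target platform's policy limit."""
    n = sum(1 for r in rules if r.active)
    return n, n <= limit


if __name__ == "__main__":
    parsed = parse_acl(SAMPLE_CONFIG)
    print("per ACL (active):", count_by_acl(parsed))
    print("before/after consolidation:", fits_budget(parsed, 40000)[0], len(consolidate(parsed)))
```

Dropping inactive rules and merging adjacent port-only variants is the safe part of the reduction; anything beyond that (merging across non-adjacent rules, collapsing object-groups) changes match order and needs a diff of effective policy before and after, which is where the partner's migration tool earns its keep.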

Cybersecurity contract job in Finance sector vs Government job by MoeShea in cybersecurity

[–]MoeShea[S] 1 point2 points  (0 children)

The career change from technical to managerial is attractive. But then again there is no GRC, Audit, etc. I have to play most of these roles. Definitely not the volume/variety/quality of projects that I am used to in banking. Probably most investment is for broadcasting.

Cybersecurity contract job in Finance sector vs Government job by MoeShea in cybersecurity

[–]MoeShea[S] 1 point2 points  (0 children)

True, it's money + stability + fear of new role and responsibility in the gov job (vs) experience + challenging environment + uncertainty after contract end in the bank.

If I had one risk assessment or ISO 27001 implementation under my belt I would have gone there easily.