The CAG - Consensus Audit Guidelines - Draft 1.0

Our state security committee has begun the review of the CAG. It has been discussed at our last two security meetings. There is much support in the committee for a guideline that actually has a good amount of body to it. I am in the process of updating a checklist for an internal audit. It is an old list and needs to be updated. That process is giving me an opportunity to go through the Consensus Guidelines and include a good amount of these best practices. In many cases, I already know the answers - and they will be no, we don't have these in place. At least the questions will be asked so that the ideas are put in place in the minds of the people who will be thinking about these questions. When I have completed my list, I will share it with our security committee. There may be others that will find it useful, or they may want to also edit and change it for their use. Our agency, as with others, will probably say that some of these ideas are beyond what we need - and definitely what we can afford. We are limited both financially and with resources. But as we go forward, these things will be in their minds and it will be interesting to see how they will impact all of us. There are many of these that could be implemented with little money and resources. Some of them I've already heard people from our agency say that we don't need. It is good to have the support of the security community when trying to explain that these things need to be in place! We have far to go before we sleep!!

It's mine and I'll Patch, Patch, Patch!!

For me, security has become a passion. I am always amazed at what is going on in the world of the Internet. Far too many of us are such trusting people. Is this an exclusively American trait? We are happy, believing, trusting people. We want to leave our wireless routers open so that our neighbors can use it. We don't really believe that criminals might come into our neighborhoods to use our Internet connection. But the world is taking advantage of us every day. How much of our hard earned savings is going overseas? How much of our tax payer dollars have already gone overseas? How many of us have already had our identity compromised? Yes - our government has given a lot away, but how much has been stolen from us? Now that's a different story. That's not politics - that's us! We bury our heads in the sand and let it happen!

I hear my own children say that they don't want to have to deal with all the security. They just want to be able to do their thing, and let someone else take care of the security (mom!). But now - we need to take care of ourselves! No one is going to do it for us. There are lots of us out here that are willing to help make the Internet a place to feel safe. There are many things one can do to make it a safer, fun, interesting, and educational place! But we all need to take responsibility for our own computers! Stand up and take notice ... this is my computer and I will do my best to keep it a safe place!

So what will I do? FIRST, I will have automatic updates running on my computer! Please make sure they are turned on and that your computer is up to date. This is not something to take lightly. It may take time to get all the updates on it, but those that are being exploited - and there are millions - are being taken advantage of BECAUSE they have not updated their computers. All the major player - Microsoft, Apple, Linux, Adobe, Firefox, and many more - post their updates and security patches as quickly as possible. Those unpatched systems are the ones that the thieves of the world are going to try to exploit. So - patch everything! I will keep my computers as "up-to-date" as I possibly can. That is our FIRST line of defense! So - Patch! Patch! Patch!

Lynda