What are the benefits of SKiP as a framework?

5 pts.
Tags:
best practices
framework
Security
SKiP
UAT
I am currently studying at University of Advancing Technology in the Network Security Program, and currently I am learning about frameworks and security. I was reading an article that was talking about PDCA and found the "Vendor Provides" element interesting in the Implementation Frameworks section under the Security Knowledge in Practice (SKiP) portion of organizing framework. I know there are many good things about the SKiP implementation such as ease of use, its broad range to fulfill customer needs and requirements but there are also a lot of open holes in this implementation. I can see that like on most our smart phones, which come heavy with vendor apps, there are a lot of unneeded applications. This can make a system insecure, and can also leave a system open to attacks. Another thing I noticed is the openness of file access in files and directories. With everything being so easy for the end user it seems that "ease of use" element comes at the price of security. Other than the "Vendor Element" the SKiP framework seems like an ideal choice for most businesses. So as a student who is learning about frameworks I want to know if anyone has utilized the SKiP framework, and in utilizing SKiP as a framework would you have any suggestions or advice on working with such a framework? What have you learned in working with SKiP and what would you advise from your own experiences? Thanks - Art from UAT

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hello, Art.  I also am a UAT Student in the same class, but I do have some experence in Network Security.  I worked with something Similar to SKip framework at my last job.  That is why I picked it for my topic as well.  We used different vendors for different parts of the network.  The outer network was cisco, the inner network was a mix of linux based systems, and enterasys.  We used enterasys for is robust ability to look for anamolies in the network.  We had a symantec software to store all our e-mails for later analasys.  We did all this with a layered approach.  This really helped harden our network to the point it was an over kill.  Every year we would go the audit process to prepare, detect, respond, and improve.  I think we used the IAM approach.  We would prepare for a penetration company to come in and detect vulnerabilities.  They found that our Mulit-function printers were the most vulnerable.  We would respond to the findings to figure out what we could do to improve from the discovered vulnerabilities.  Then at the end of the year we would try to use the let over money to try and improve one of these areas.  The one I was part of was an ID scanner for the front desks of every building.  This system could be used to scan a person’s drive license for warrants or any flags put on them by the government.  It printed a badge with their piture on it so they could were it through the building.  This helped everybody know that they were a visitor.  I hope this helps.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following