2. 程式人生 > >Ask HN: How do you manage a security policy for your small team?

Ask HN: How do you manage a security policy for your small team?

阿新 發佈:2018-12-28
My company is a small team operating in the digital health space that's recently grown to 12 in the past year. Although we don't deal with a ton of PHI, some of our clients ask us some questions that we've been able to work around but are going to start becoming blockers as we scale.

In terms of our cloud, we're HIPAA compliant and our customers haven't questioned that portion. Examples of things we're asked about are:

1. Infosec staff, policies, and certifications? We do have a light policy but are we already at the size where we need dedicated staff + certifications? There's not anyone today holding everyone accountable.

2. Device management. Some of our employees have devices provided by the company and some use their own (engineers who work remote). We get asked often about if there's antivirus installed on all our devices and what we do to ensure the devices are physically safe. Is the only option here moving to issuing everyone devices and managing them centrally? Is there a middle ground?

3. Anything else on the messy startup side. We share an office with another company which complicates all physical security questions. People tend to take their work home with them as well which also causes potential issues.

Those of you who have done this before / are doing it now, I'd appreciate any tips or suggestions on how to deal with this "middle phase" of growth.

Thanks

相關推薦

Ask HN: How do you manage a security policy for your small team?

My company is a small team operating in the digital health space that's recently grown to 12 in the past year. Although we don't deal with a ton of PHI, s

Ask HN: How do you manage your day

Work environment and needs are very personal but maybe you can learn from my solution.My frustration with most task manager is that they require me to manu

Ask HN: How do you make a decision between different startup ideas you have?

I choose the one that has the highest probability of success multiplied by the size to which its likely to grow. Intuitively ofcourse.

Ask HN: How do you assess a Machine Learning based product?

What metrics do you look for when trying to assess a machine learning based product that is being presented to you ?

Ask HN: How do you manage shoulder taps?

How do you all track and manage shoulder taps (slack requests, actual shoulder taps, etc) so that:1. They get prioritized and not lost.2. They get tracked

Ask HN: How do you share a series of links?

How do you share a series of links on a particular theme, as opposed to an individual link (as you might via Twitter) or a large stash (as you might with y

Ask HN: How do you use internal project codenames in your company?

We use them and I complain about it a lot. Anything that reduces clarity and transparency is a bad thing in my opinion - a codename is at best security the

Ask HN: How do you feel about backchannel communications for engineering teams?

Anecdotally, the answer is: In an overwhelming majority of the cases, not much.It seems as engineers/programmers/etc are generally looked down upon by many

Ask HN: How do you foster strong engineering culture in your organization?

* Instill a learning culture. An easy way to start is to do brown bag lunches/lunch and learn once a month. Ask engineers to volunteer to talk about things

Ask HN: How do you feel about having a mentor in your line of work?

Hello HN-ers I've been in the software industry for about five years and have worked as an individual contributor at companies big and small. Over the year

Ask HN: How do you make sure js from a CDN or a CMS hasn't changed?

SRI won't protect you from:* Someone injecting malicious JS code into your checkout page* Non-static JS includes like Google AnalyticsBut it works well for

Ask HN: How do you track and manage your (personal) investments?

With the launch of services like Robinhood, access to investment in the public markets has never been easier. If you are currently investing in anything (s

Ask HN: How do you make money as a Computer Science student?

A bit of background on my situation so you might give me more personalised advice: I graduated in 2017 with a Bachelor in CS and already had a job by that

Ask HN: How do I explain a long activity gap due to depression to interviewers?

tl;dr I've been a NEET for several years, during which I learnt programming. I'm trying to get a programming job now. How do I explain this suspicious acti

Ask HN: How do you deal with complain rate on SES

Hi all,I run a news letter with AWS SES and the complaint rate is reaching 0.05%. They expect 0.1% complaint rate.I have received zero complaints email fro

Ask HN: How do you stay fresh on the basics of computer science?

I had an uncomfortable experience last week where I realized I'd forgotten the basics of condition variables (in particular, how to prevent the thundering

Ask HN: How do you spend time during compilation?

I feel it's a significant problem when compilation lasts for more than 10s>. To not get bored, I am jumping into random articles during that time, loos

Ask HN: How do you measure your funnel?

We are working on a tool to help people measure their conversion funnels. For example:Unique visitors to website -> User Signups -> Paid CustomersTh

Ask HN: How do you handle user money that you have to return

I am thinking about building a system where customers would put money into their account and they can use there balance to purchase things. Whats the best

Ask HN: How do you become the best at something?

I realized that while I'm fairly competent at some things, I'm not really top percentile in anything save my ability to communicate. It's really weighing o