Posted in Aneesh Chopra, CCE, CPE, CVE, CVSS, Cloud Computing, IDS, Management, Metrics, NCP, NIST, OVAL, Policies, Risk, SCAP, Vulnerability, XCCDF on Aug 9th, 2009
“While the NSA has a great red-team (think pen-test) capability, they had a major change of heart and realized, like the rest of the security world (*cough* Ranum *cough*), that while attacking is fun, it isn’t very productive at defending your systems – there is much more work to be done for the defenders, and [...]
Posted in ANL Federated Model, Bro, CAMNEP, CPP, Defense in Depth, IDS, Reputation, Risk, SlideCasting, SlideShare, Snort, TVA, Trust Management, Visualization, Vulnerability on Jun 6th, 2009
This week I had the pleasure of presenting two talks at the National Laboratories Information Technology (NLIT) 2009 Summit held in Oak Ridge, TN. Everyone involved was great and I had a fun time. Since the presentations have been posted to the NLIT site, I am free to post now.
The original [...]
Posted in Application, CISSP, COBIT, Defense in Depth, ISACA, Information Security Governance, Opinion, Policies, Relation Competence, Risk on Mar 21st, 2009
I come bearing no answers, only questions. This being the SecurityMonks website, I could not allow the article, “The High Priests of IT — And the Heretics” to pass without comment. No heretics or high priests here. Only a simple security monk. The author, Cory Doctorow, makes his argument well. [...]