Information Security 101 (#sec101)

Coincidentally, this is a theme common to some of my previous posts. I believe it is a sign of the times – that as we continue to experience data breaches we find fundamental control failures are behind many of them, which is what prompted me to write my previous posts.

October is ‘Cyber Security Awareness Month’ over at the SANS ISC diary page.

Tom Liston has put together a post highlighting the concern mentioned above, and then in social networking style opened up the floor to the Twitter universe to see what we thought were some of the fundamental security basics the community (in general) needs a reminder about.

It’s a great little summary with real life context that is definitely worth a read. The post is at:

http://isc.sans.edu/diary/Security+101+Security+Basics+in+140+Characters+Or+Less/11725

Three suggestions I put forward (admittedly I was a little late for 2 of them) speak to where my thoughts and concerns are:

1. Writing a Policy & not implementing/monitoring doesn’t constitute a control. That’s like buying the firewall and leaving it in the box

2. As pessimistic as it sounds, ‘TRUST’ is not a reliable information security model

3. Security teams that work in isolation and without transparency will fail. Collaborate with other risk mgmt – audit, ops risk, etc

There are plenty of great contributions on the site. Putting forward suggestions was a great exercise as it forces you to think in (very) succinct terms of key controls and basic security principles.

This content should be part of a training programme somewhere…
