Security comments and one liners

• Roger Truebody @Deloitte 2016
  • Business case
    • Defusion of benefits.
      • e.g. Tracking improving business.
• Erich W. Schubert

  • the-sad-state-of-sysadmin-in-the-age-of-containers

    • Stack is the new term for "I have no idea what I'm actually using".
      Maven, ivy and sbt are the go-to tools for having your system download unsigned binary data from the internet and run it on your computer

• 201311 from http://nakedsecurity.sophos.com

  • The first step is to stop trusting your client devices. All of them. This can be quite liberating as it’s a great opportunity to focus on what is really important to your organisation and ensure security resource is focused appropriately.

• 201303 - Charles Renert, vice president of Websense Security Labs told Security Week:

  • "Controls like patch management cannot eliminate risk exposure; they can only reduce risk to what you already know. Given the increasing frequency, severity and sophistication of the latest threats, the risk gap from unknown attacks across these kinds of vectors is on the rise.
    
    Rather than looking to update a single object or signature at a single point in time, companies must review the entire threat lifecycle and examine multiple opportunities to disrupt attacks."

• 2009-08 ISACA conference
  • Move security from just compliance to Risk management
    • Business should be in control of risk
    • Do Not put measures in place that prevent the business of being successful
    • Focus more on the Data and less on technology

...

CategorySecurity