Security comments and one liners

• 2018 cyber-risk-complacency

  • Understand the business context
  • It’s not possible to outsource risk
  • Have an incident response plan in place
    • it’s that it’s not so much the breach as it is the response that an organisation is remembered for
• Roger Truebody @Deloitte 2016
  • Business case
    • Defusion of benefits.
      • e.g. Tracking improving business.
• Erich W. Schubert

  • the-sad-state-of-sysadmin-in-the-age-of-containers

    • Stack is the new term for "I have no idea what I'm actually using".
      Maven, ivy and sbt are the go-to tools for having your system download unsigned binary data from the internet and run it on your computer

• 201311 from http://nakedsecurity.sophos.com

  • The first step is to stop trusting your client devices. All of them. This can be quite liberating as it’s a great opportunity to focus on what is really important to your organisation and ensure security resource is focused appropriately.

• 201303 - Charles Renert, vice president of Websense Security Labs told Security Week:

  • "Controls like patch management cannot eliminate risk exposure; they can only reduce risk to what you already know. Given the increasing frequency, severity and sophistication of the latest threats, the risk gap from unknown attacks across these kinds of vectors is on the rise.
    
    Rather than looking to update a single object or signature at a single point in time, companies must review the entire threat lifecycle and examine multiple opportunities to disrupt attacks."

• 2009-08 ISACA conference
  • Move security from just compliance to Risk management
    • Business should be in control of risk
    • Do Not put measures in place that prevent the business of being successful
    • Focus more on the Data and less on technology

...

CategorySecurity