One of the constant challenges I face delivering big systems is meeting the protective monitoring requirements. A lot of the requirement to spot technical events (low level network probing, back door installation, beaconing and command and control channels) can be covered with a bundle of vendor products integrated into a…
Tag: securitymanagement
6 Questions about security the board care about
Another short post to break up the big essays I tend to write. These are the questions any Security Manager worth his salt needs to have prepared answers for anytime he attends the board of the company or socialises with board members: Are we safe ? Can I take responsibility for…
Top 10 Points – Security Elevator Advice
These are my top 10 key points to give to the top man when he asks you “what should we be doing in security?” and you only have a minute or two or you need a single slide on security for the CTO: Identify and understand your threats Reduce your…
Security Debt
The following are some notes I put together describing the concept of ‘security debt’ as a way of thinking about managing security in a real world business, its taken on some new meaning following the credit crunch…. I think there are extensions to be made to the concept but I am…