Items Tagged with "Infosec"
September 24, 2012 Added by:Tripwire Inc
Security people tend to be engineering oriented and suffer in the communication department. There’s an implied link that security might get broader adoption if security communication had more resonance with non-security people. Enter the popular use of the metaphor as meme...
September 22, 2012 Added by:Brent Huston
Emphasize that there are security measures that are effective in zero day situations. These include such controls as anomaly based detection mechanisms, system user security training, and incident response programs. If you can detect these attacks early and respond to them correctly...
September 20, 2012 Added by:Tripwire Inc
We’re going to use the phrase “Connecting security to the business” with almost annoying frequency because it can change the way the business views security, and vice versa. This begs a primer of sorts: What do we mean by all this “connecting security to the business” talk?
September 18, 2012 Added by:Robert M. Lee
As my perspective in infosec comes from my role as a Cyberspace Operations Officer in the Air Force, where most people say “infosec” I say “cyber” and try to speak on the broader domain impacts, deterrence, sharing threat intelligence, education, and the importance of working together...
September 18, 2012 Added by:Infosec Island Admin
All of this will be tempered by what happens next for Dave and Chris. Will they be able to penetrate the old boy network? Will they be able to, once ensconced in the ISC(2) inner sanctum, make any kinds of change that would make the CISSP more meaningful? Time will tell my friends...
September 13, 2012 Added by:Le Grecs
The same "good 'ol boys/girls" keep returning time and time again. When their terms are up, they "sit out a year" and then the next board nominates them as one of the BoD-recommended candidates. Keeping the same old board will result in a certification that continues to be disconnected...
September 13, 2012 Added by:Javvad Malik
You’re the new guy in the security ops team, they’re giving you a very crucial and important job… Monitoring. You’ll be told how it is essential to be done correctly. But you notice that nobody really shows any interest in doing it. There’s are two reasons for this...
September 05, 2012 Added by:Infosec Island Admin
It seems that when one “petitions” to run for the board, one must have the signatories send an email instead of just fill out their information on some excel sheet or online petition. If you are wanting to sign the petition for my being able to run for the BoD please email me...
August 30, 2012 Added by:InfoSec Institute
"Penetration testers, the guys that come onto the sites—they’re highly in demand... In terms of technology, I think these guys see security in a different light than other people. They sort of can see it as a whole picture. Penetration testers are looking at it in a completely different light...."
August 26, 2012 Added by:Rafal Los
The Information Security industry is rife with negativity. Why are we so quick to pile on to others' pain? Isn the security community just more cynical by nature, is it psychological? Are we wired this way? As an industry, our goal is to create more resilient, more secure' and more defensible postures for everyone...
August 26, 2012 Added by:Infosec Island Admin
Vote for the horsemen. If not me, then the others for a bigger point here. Those of you who take the ISC and CISSP seriously need to look at your org. Do you think that any with this certification are good at what we do because we took a test and adhere to some ethics rules the board ignores when they see fit?
August 24, 2012 Added by:Javvad Malik
They are the guys who you look out for and they look out for you. If you see a bug in their code, you’ll sort it out for them. When they call you up at 3am for help with a security strategy presentation, you stay up with them all night working on it. When you are stuck on something, you’ll turn to them for help....
August 24, 2012 Added by:Jack Daniel
Words like engagement and community are overused by charlatans, marketing gurus, and social media experts- but if you cut the crap and actually engage the community, people will pay attention. Influencer is another abused term, but some people have more of a voice in the community than others. Ignoring people who aren’t ready to buy could be a very bad idea...
August 23, 2012 Added by:Dave Shackleford
OK, so it’s not really worthless. So what do I propose? I say scrap the whole thing. Start over. Build a cert and program that tests fundamental skills and means something to employers who really need things done. Offer existing cert holders one year and a free test to get the new one. Otherwise, they’re out...
August 23, 2012 Added by:Boris Sverdlik
I’m not going to promise things that I may or may not be able to deliver on, but I can promise I will stick to what I believe is a shared vision in the community for a value add certifying body. In order to change perception of the certification and the certifying body we need to change...