Tuesday, January 20, 2009

ROI & Stego-marking of security podcast with Eric Cole

17th episode of The Silver Bullet Security Podcast.

Interview with Eric Cole

In the past security is about saying “no,” today security is all about saying “yes” in a creative manner.

if you do security properly? what happen?
well nothing happen, the budget cut...

solution: put a nice diagram, show the FW deny hit - every month!
show to execs, did you realize that last month we got 12000 attacks?

Every month prepare a presentation to C level that shows the number of drop packet in border firewall.

Sometime bad thing happened, this does not mean security fails, but we have to take calculated risk.

Different organization, some high level metric are the same
confidentiality, free flow of information... but the you go specific.

different between
academic approach : teaching the fundamentals
certification: all about current practical skills

stenography tag : putting something that cannot be removed/modified.

security: defense in depth and layered approach.

FW does not have nothing to block, ids has nothing to detect...
with Stego-marking FW has something to block, IDS has something to mark...

it's good to get frustration: then when they start to looking for solution...

Securing from outside threats:
hardening a system: reduce visibility from the outside!

Security from inside threats:
Access control! lease privilege
data classification in order to allow least privilege

length: 29:23m

Labels: ,


Post a Comment

<< Home