>> Here is an outline for a security talk I gave a few years ago. I am
>> trying to update it for content, correctness, etc., and would appreciate
>> any and all feedback.
I'd add:
- Defense in Depth (gotta have those buzzwords, natch). Seriously though,
it's key to mitigation.
- Physical Security

I'd toss VPN, or at least something about remote data encryption, into the
user part - I'm thinking "wifi user at Starbucks" kind of thing.
Maybe some 802.11 sec too? And just b/c it's a personal thing for me,
maybe delving a little into the "security is but a part of the whole
information assurance enchilada" talk wouldn't hurt either.
If you've got some time to kill reading:
- Good stuff (mostly technical, but some good policy too) can be found:
http://iase.disa.mil/stigs/index.html
The STIGs provide a "good place to start" for a lot of stuff. There's
good stuff all over the public parts of the IASE site.
- Common Criteria. People have varying opinions, but it can be helpful
when trying to figure out a vendor's claims.
http://www.niap.nist.gov/pp/index.html
http://www.commoncriteriaportal.org/
http://www.commoncriteriaportal.org/public/files/ccintroduction.pdf
v/r
m-
--
matthew s. fotter | matt@fotter.com | http://matt.fotter.com
___________________
Nolug mailing list
nolug@nolug.org
Received on 03/22/05