Tuesday, August 26, 2008

What makes a security consultant an expert?

Good security experts are different characters from people in other engineering or information architecture roles. The qualities that matter for security set them apart from others rather than making them indistinguishable.

Security experts are always interested in security across a broad spectrum that goes well beyond IT. Professional information security, at every level, demands “thinking outside the box”.

A security expert always takes the initiative to find the answers to security problems without guidance and sets the agenda based on threat priorities. 

Information security falls outside defined policy, because the job revolves around preventing, investigating, and responding to incidents where policy has failed.

A security expert’s work involves investigation, assessment, troubleshooting, abstract thinking, problem analysis, and understanding the security principles underlying particular events.

Security works best when it is part of the architectural design of a system, when it is the very basis for policy, and when it limits the errors of everyday work. 

The best security experts have an unconventional mindset and perspective rather than memorized standards of “industry best practices”. In fact, the most important lessons to be learned about such practices are their flaws.

Read Chad Perrin's thoughts on hiring security experts at http://blogs.techrepublic.com.com/security/?p=551&tag=nl.e036

Sunday, August 10, 2008

Vista security defeated; IOS rootkit; DNS flaw 'worse than thought'

  1. Researchers say they have found a way to bypass Vista's memory protection features.
  2. It may be possible to pwn a Cisco router with a rootkit.
  3. The DNS cache mess could be far, far messier than first thought, with more than a dozen attacks possible.

 

More >> http://searchsecurity.techtarget.com.au/articles/26194-Black-Hat-roundup-Vista-security-defeated-IOS-rootkit-DNS-flaw-worse-than-thought-