Following the Wh1t3 Rabbit - Practical Enterprise Security

Enterprise Security organizations often find themselves caught between the ever-changing needs of the agile business, and the ever-present, ever-evolving threats to that business. At the same time – all too often we security professionals get caught up in “shiny object syndrome” which leads us to spend poorly, allocate resources unwisely, and generally de-couple from the organization we’re chartered to defend. Knowing how to defend begins with knowing what you’ll be defending, why it is worth defending, and who you’ll be defending from… and therein lies the trick. This blog takes the issue of enterprise security head-on, challenging outdated thinking and bringing a pragmatic, business-aligned, beyond the tools perspective … so follow the Wh1t3 Rabbit and remember that tools alone don’t solve problems, strategic thinkers are the key.

Rafal (Principal, Strategic Security Services)

Trust - Making an intelligent, defensible trust valuation

There was an interesting conversation earlier today on Twitter over whether trust is a 'yes or no' answer. While some of the people engaged argued vehemently that trust is either a yes or no, I maintained that to answer trust in such a way was silly, and created more issues which were becoming apparent in the information security industry. This post is a result of some more thinking ... and I identify 3 things that are required to make a trust valuation, since I absolutely don't believe it's as simple as binary.

Enterprises with trust issues - separation of duties for system administrators

This article caught my attention ... "Laid-off IT worker accused of hacking, crashing Missoula company's servers" and made me think of a company I worked with around the time of the dot-com bubble burst where we figured out this very issue ... almost a decade ago. Trust is a difficult thing to work out in any size organization as it is as much a human nature problem as it is a technical control...

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation