Some Readings and Why Compliance Does Not Always Mean Security
This week has been incredibly hectic at work, a combination of the other project guy being on leave and our direct manager being away too. I’ve been keeping track of my online reading, but only at a superficial level. Some of the things that definitely jumped out at me:
The Safe Browsing API is an experimental API that allows client applications to check URLs against Google’s constantly-updated blacklists of suspected phishing and malware pages. Your client application can use the API to download an encrypted table for local, client-side lookups of URLs that you would like to check.
I think this effort is related to the research and hard work that Google have been doing in this space, and it’s good to see them giving this sort of functionality back out to the Internet. Apart from the obvious uses that this sort of API provides to developers, it’s all the stuff that you can’t think of that makes it exciting; I mean, have you seen how much stuff you can do with Google Maps?
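To show what a local, client-side lookup of the kind described above involves, here is an added illustration (not Google's code and not the real table format; it assumes SHA-256 keys and a constructed two-entry table). The point it makes is that the lookup only works if the client canonicalizes URLs the same way the table builder did, otherwise trivial variations such as host case, a default port or a `..` path segment slip past the check.

```python
import hashlib
from urllib.parse import urlsplit, urlunsplit, unquote


def canonicalize(url: str) -> str:
    """Normalize a URL so that equivalent spellings hash to the same key.
    Illustrative rules (hypothetical, not Google's published algorithm):
    lower-case scheme and host, drop trailing dots and default ports,
    percent-decode and resolve '.'/'..' in the path, keep the query,
    discard the fragment."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").strip(".").lower()
    port = parts.port
    netloc = host
    default = (scheme == "http" and port == 80) or (scheme == "https" and port == 443)
    if port and not default:
        netloc = f"{host}:{port}"
    segs = []
    for seg in unquote(parts.path or "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segs:
                segs.pop()
            continue
        segs.append(seg)
    path = "/" + "/".join(segs)
    if parts.path.endswith("/") and path != "/":
        path += "/"
    return urlunsplit((scheme, netloc, path, parts.query, ""))


def url_key(url: str) -> str:
    """Table key: hash of the canonical form, so the table never stores raw URLs."""
    return hashlib.sha256(canonicalize(url).encode()).hexdigest()


# Constructed sample table standing in for a downloaded blacklist.
LOCAL_TABLE = {url_key(u) for u in ("http://phish.example.com/login",
                                    "http://evil.example.net/")}


def is_listed(url: str, table=LOCAL_TABLE) -> bool:
    """Client-side check: no network call, just a hash lookup in the local table."""
    return url_key(url) in table
```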
Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.
Found this on a post from Darknet, and what I found really interesting was the toolkit’s ability to read and write to NTFS. Cool stuff.
Why do Security?
Really good post from Andy’s blog on why compliance is not the reason to secure. I couldn’t agree more, and it’s surprising how many people still tie them together as if one implies the other. I understand that they potentially overlap quite a bit, but they can also be separated completely. At work we try to offer solutions to both and often draw a distinct line between our two approaches: compliance control recommendations and risk-based control recommendations.
This issue relates quite closely to security awareness, another topic that we discuss almost daily, and on most project engagements some of the time is spent educating non-security team members on the two separate approaches we use, and on the difference between them and the importance of each. The idea is to push some of this “culture” out to the IT teams so that they start documenting controls even before we see the documentation, and in some cases we are starting to see this happen. We don’t expect non-security people to be experts on compliance and up-to-date vulnerabilities, which is what we’re there for, but the more they start thinking about these issues, the more secure the process is from end to end.
Posted by Christian
23 June 2007