Winning Systems & Security Practitioners 3. Responsiveness

1100 words, 4 1/2 minutes. Responsiveness “No battle plan ever survives contact with the enemy” - Helmuth von Moltke. This is part 3 of 6 in a short series of posts on winning systems for Information Security practitioners. It aims to plug the gap between policy and products and put you, the practitioner, back in the driving seat. After all, if you don’t know what system you’re implementing, how can you possibly decide what products or features are important to you? »

Winning Systems & Security Practitioners 1. Introduction

1100 words, 4 1/2 minutes. Introduction “Never tell people how to do things. Tell them what to do and they will surprise you with their ingenuity.” - George S. Patton. If you’ve read my previous post you’ll know that to get beneficial, long lasting, low-maintenance results in Information Security, you need winning systems. Not skills. If you like grinding monotony punctuated by periods of extreme stress and being able to tell people how busy you constantly are, you can safely return to your to-do list. »

Elephant Proofing Your Web Servers

750 words, 3 minutes. The Case For Default Deny What’s free, permanently reduces your exposure to a range of potential vulnerabilities, requires no maintenance, and takes only a few minutes to implement? Most web servers are installed to serve content to unauthenticated users on the Internet. Most only have a finite list of URLs or a specific number of web apps. I’ve always thought it strange that they install in a default-permit mode. »