Recently, a former student and prospective client asked me to send, along with a proposal, a checklist of things he needs to be thinking about to help his company's goal of "revamping security" in 2004. This is that checklist. Be forewarned. While risks change somewhat with network size, bandwidth, and connectivity, while business requirements grow, and while the technology we can use to mitigate and mediate risk gets fancier (it is hoped to meet the changing risks), there is nothing new under the sun. Also, this is purposely very high level. It is a general checklist of things to consider.
This whole process requires review and consideration by a team of individuals. Why? Because every one of us has blind spots. [In God in the Docket, CS Lewis says every one of us had a fatal flaw to which we are blind. More recently, the late pastor Jack Miller said, smiling, "Cheer up! You're ever so much worse than you think you are."] Every one of us has his own agenda. Also, people make mistakes in executing plans and procedures. Further, things -- risks, requirements, and technology -- change. So the policy and procedures have to change.
My (growing) speaking and teaching calendar is at http://www.avolio.com/.
Did you buy your parents or friends a personal (computer) firewall for Christmas? Personal Firewall Day is January 15th. See NetsecLetter #31 (http://www.avolio.com/columns/31-PersonalFirewallDay.html).
There was an interesting Web Informant this week from David Strom. David seems to be enamored with the dark side. Is he? Read "Web Informant #355, 9 January 2004: Aiding and Abetting Adrian" at http://strom.com/awards/355.html.
For an excellent editorial on a similar topic, Dave Piscitello wrote "Ethical Hacking could be so much more than an oxymoron..." at http://hhi.corecom.com/ethicalhacking.htm.
Jon Callas, CTO, CSO, and DSD (Dynamite Sharp Dude) had some very interesting (as usual) comments on a webcast "The Dawn of Pervasive Encryption" at http://webevents.broadcast.com/techtarget/Security/121803/index.asp?loc=10
Other related articles and courses are