The first SANS Top 20 Security Control is Inventory of Authorized and Unauthorized Devices. When you first consider this control, you may be tempted to dismiss the value of the opportunity to have near real time awareness. I encourage you to think of creative ways to lean into your existing tools to help solve the […]
Blog
SANS National CyberSecurity Innovation Conference
Last week I had the opportunity to attend and participate in a panel discussion at the first SANS National CyberSecurity Innovation Conference in Washington, DC. While there I was able to learn from other security practitioners representing a wide array of industries each describe how they are securing their networks in creative ways. More often […]
Book Review: Linchpin
Linchpin by Seth Godin is one of the best books I have read. It gives the formula necessary to become the most valued member of an organization and not just a cog in the wheel. What follows are two of my favorite direct quotations from this book, sprinkled with my commentary. -Enjoy. “When you give […]
Get Wisdom as Cheaply as You Can
New details have emerged about the now famous RSA APT incident. As posted on their Security Blog and as mentioned on the SANS Internet Storm Center, it was disclosed that the incident started by phishing emails that contained a malicious attachment. This allowed the attacker to establish a foothold inside the organization. What about your […]
Book Review: Failure Is Not an Option: Mission Control from Mercury to Apollo 13 and Beyond
Today I finished reading “Failure Is Not an Option: Mission Control from Mercury to Apollo 13 and Beyond” by Gene Kranz, former Flight Director at NASA. The book provides a historical account of how NASA delivered on the promise made by President John F. Kennedy to land a man on the moon and return him […]
How do you do, Auditpol?
What if there were an alternative to using the Local Security Policy to set the options needed to support of your security policy? Starting with Windows 7 and 2008 there is a new, perhaps even better way, Auditpol that offers much more granularity. The full explanation of this setting is: Audit: Force audit policy subcategory […]