Category Archives: InfoSec

[Recommended Book] The Art of War for Security Managers: 10 Steps to Enhancing Organizational Effectiveness

Source: The Art of War for Security Managers: 10 Steps to Enhancing Organizational Effectiveness on Amazon

“The classic book The Art of War (or as it is sometimes translated, The Art of Strategy) by Sun Tzu is often used to illustrate principles that can apply to the management of business environments. The Art of War for Security Managers is the first book to apply the time-honored principles of Sun Tzu’s theories of conflict to contemporary organizational security. Corporate leaders have a responsibility to make rational choices that maximize return on investment. The author posits that while conflict is inevitable, it need not be costly. The result is an efficient framework for understanding and dealing with conflict while minimizing costly protracted battles, focusing specifically on the crucial tasks a security manager must carry out in a 21st century organization. 

* Includes an appendix with job aids the security manager can use in day-to-day workplace situations
* Provides readers with a framework for adapting Sun Tzu’s theories of conflict within their own organizations
* From an author who routinely packs the room at his conference presentations

Read more…”

Filed under Books, InfoSec, Leadership, Management, WorldOfSecDevOps

[Recommended Reading] Turing Test

Source: Turing Test Wikipedia

“The Turing test, developed by Alan Turing in 1950, is a test of a machine’s ability to exhibit intelligent behavior equivalent to, or indistinguishable from, that of a human. Turing proposed that a human evaluator would judge natural language conversations between a human and a machine designed to generate human-like responses. The evaluator would be aware that one of the two partners in conversation is a machine, and all participants would be separated from one another. The conversation would be limited to a text-only channel such as a computer keyboard and screen so the result would not depend on the machine’s ability to render words as speech. If the evaluator cannot reliably tell the machine from the human, the machine is said to have passed the test. The test results do not depend on the ability to give correct answers to questions, only how closely one’s answers resemble those a human would give. Read more…”

Filed under InfoSec, People, WorldOfSecDevOps

[Recommended Book] Extreme Ownership: How U.S. Navy SEALs Lead and Win

“Sent to the most violent battlefield in Iraq, Jocko Willink and Leif Babin’s SEAL task unit faced a seemingly impossible mission: help U.S. forces secure Ramadi, a city deemed “all but lost.” In gripping firsthand accounts of heroism, tragic loss, and hard-won victories in SEAL Team Three’s Task Unit Bruiser, they learned that leadership—at every level—is the most important factor in whether a team succeeds or fails. Willink and Babin returned home from deployment and instituted SEAL leadership training that helped forge the next generation of SEAL leaders. After departing the SEAL Teams, they launched Echelon Front, a company that teaches these same leadership principles to businesses and organizations. From promising startups to Fortune 500 companies, Babin and Willink have helped scores of clients across a broad range of industries build their own high-performance teams and dominate their battlefields.” Read more…

Filed under Books, General, InfoSec, Leadership, Management, Recommendations

[Recommended Reading] Factor analysis of information risk

Source: Factor analysis of information risk

“Factor analysis of information risk (FAIR) is an ontology of the factors that contribute to risk and how they affect each other. It is primarily concerned with establishing accurate probabilities for the frequency and magnitude of data loss events. It is not a methodology for performing an enterprise (or individual) risk assessment.” Read more…

Filed under General, InfoSec, Recommendations

[Recommended Reading] Microsoft Azure

Source: Microsoft Azure Wikipedia

“Microsoft Azure (formerly Windows Azure) is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through a global network of Microsoft-managed data centers. It provides software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems.” Read more…

Filed under General, InfoSec, Recommendations, Site Reliability Engineering