Category Archives: WorldOfSecDevOps

[Recommended Reading] ATT&CK Matrix

Source: ATT&CK Matrix

“The ATT&CK Matrix for Enterprise provides a visual representation of the adversarial techniques described in the ATT&CK for Enterprise threat model. Tactic categories are listed on the top row and individual techniques as cells underneath each tactic to denote that technique can be used to accomplish that particular tactic. Techniques can span multiple tactic categories signifying that they can be used for more than one purpose.” Read more…


Filed under General, InfoSec, Recommendations, WorldOfSecDevOps

[Recommended Book] The Art of War for Security Managers: 10 Steps to Enhancing Organizational Effectiveness

Source: The Art of War for Security Managers: 10 Steps to Enhancing Organizational Effectiveness on Amazon

“The classic book The Art of War (or as it is sometimes translated, The Art of Strategy) by Sun Tzu is often used to illustrate principles that can apply to the management of business environments. The Art of War for Security Managers is the first book to apply the time-honored principles of Sun Tzu’s theories of conflict to contemporary organizational security. Corporate leaders have a responsibility to make rational choices that maximize return on investment. The author posits that while conflict is inevitable, it need not be costly. The result is an efficient framework for understanding and dealing with conflict while minimizing costly protracted battles, focusing specifically on the crucial tasks a security manager must carry out in a 21st century organization. 

* Includes an appendix with job aids the security manager can use in day-to-day workplace situations
* Provides readers with a framework for adapting Sun Tzu’s theories of conflict within their own organizations
* From an author who routinely packs the room at his conference presentations

Read more…”


Filed under Books, InfoSec, Leadership, Management, WorldOfSecDevOps

[Recommended Reading] Turing Test

Source: Turing Test Wikipedia

“The Turing test, developed by Alan Turing in 1950, is a test of a machine’s ability to exhibit intelligent behavior equivalent to, or indistinguishable from, that of a human. Turing proposed that a human evaluator would judge natural language conversations between a human and a machine designed to generate human-like responses. The evaluator would be aware that one of the two partners in conversation is a machine, and all participants would be separated from one another. The conversation would be limited to a text-only channel such as a computer keyboard and screen so the result would not depend on the machine’s ability to render words as speech. If the evaluator cannot reliably tell the machine from the human, the machine is said to have passed the test. The test results do not depend on the ability to give correct answers to questions, only how closely one’s answers resemble those a human would give. Read more…”


Filed under InfoSec, People, WorldOfSecDevOps

[Recommended Reading] Kubernetes

Source: Kubernetes Wikipedia

“Kubernetes (commonly stylized as K8s) is an open-source container-orchestration system for automating deployment, scaling and management of containerized applications. It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation. It aims to provide a “platform for automating deployment, scaling, and operations of application containers across clusters of hosts”. It works with a range of container tools, including Docker.” Read more…


Filed under Recommendations, Site Reliability Engineering, WorldOfSecDevOps