Category Archives: WorldOfSecDevOps

[Recommended Reading] Advanced Encryption Standard

Source: Advanced Encryption Standard Wikipedia

“The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. Read more…”


Filed under General, InfoSec, Recommendations, WorldOfSecDevOps

[Recommended Book] Team of Teams: New Rules of Engagement for a Complex World

Source: Team of Teams: New Rules of Engagement for a Complex World on Amazon

What if you could combine the agility, adaptability, and cohesion of a small team with the power and resources of a giant organization?

THE OLD RULES NO LONGER APPLY . . .

When General Stanley McChrystal took command of the Joint Special Operations Task Force in 2004, he quickly realized that conventional military tactics were failing. Al Qaeda in Iraq was a decentralized network that could move quickly, strike ruthlessly, then seemingly vanish into the local population. The allied forces had a huge advantage in numbers, equipment, and training—but none of that seemed to matter.

TEACHING A LEVIATHAN TO IMPROVISE
It’s no secret that in any field, small teams have many advantages—they can respond quickly, communicate freely, and make decisions without layers of bureaucracy. But organizations taking on really big challenges can’t fit in a garage. They need management practices that can scale to thousands of people.

General McChrystal led a hierarchical, highly disciplined machine of thousands of men and women. But to defeat Al Qaeda in Iraq, his Task Force would have to acquire the enemy’s speed and flexibility. Was there a way to combine the power of the world’s mightiest military with the agility of the world’s most fearsome terrorist network? If so, could the same principles apply in civilian organizations?

A NEW APPROACH FOR A NEW WORLD
McChrystal and his colleagues discarded a century of conventional wisdom and remade the Task Force, in the midst of a grueling war, into something new: a network that combined extremely transparent communication with decentralized decision-making authority. The walls between silos were torn down. Leaders looked at the best practices of the smallest units and found ways to extend them to thousands of people on three continents, using technology to establish a oneness that would have been impossible even a decade earlier. The Task Force became a “team of teams”—faster, flatter, more flexible—and beat back Al Qaeda.

BEYOND THE BATTLEFIELD

In this powerful book, McChrystal and his colleagues show how the challenges they faced in Iraq can be relevant to countless businesses, nonprofits, and other organizations. The world is changing faster than ever, and the smartest response for those in charge is to give small groups the freedom to experiment while driving everyone to share what they learn across the entire organization. As the authors argue through compelling examples, the team of teams strategy has worked everywhere from hospital emergency rooms to NASA. It has the potential to transform organizations large and small. Read more…”


Filed under Books, General, InfoSec, Leadership, Management, People, Recommendations, WorldOfSecDevOps

[Recommended Reading] ATT&CK Matrix

Source: ATT&CK Matrix

“The ATT&CK Matrix for Enterprise provides a visual representation of the adversarial techniques described in the ATT&CK for Enterprise threat model. Tactic categories are listed on the top row, with individual techniques as cells underneath each tactic to denote that the technique can be used to accomplish that particular tactic. Techniques can span multiple tactic categories, signifying that they can be used for more than one purpose.” Read more…


Filed under General, InfoSec, Recommendations, WorldOfSecDevOps

[Recommended Book] The Art of War for Security Managers: 10 Steps to Enhancing Organizational Effectiveness

Source: The Art of War for Security Managers: 10 Steps to Enhancing Organizational Effectiveness on Amazon

“The classic book The Art of War (or as it is sometimes translated, The Art of Strategy) by Sun Tzu is often used to illustrate principles that can apply to the management of business environments. The Art of War for Security Managers is the first book to apply the time-honored principles of Sun Tzu’s theories of conflict to contemporary organizational security. Corporate leaders have a responsibility to make rational choices that maximize return on investment. The author posits that while conflict is inevitable, it need not be costly. The result is an efficient framework for understanding and dealing with conflict while minimizing costly protracted battles, focusing specifically on the crucial tasks a security manager must carry out in a 21st century organization.

* Includes an appendix with job aids the security manager can use in day-to-day workplace situations
* Provides readers with a framework for adapting Sun Tzu’s theories of conflict within their own organizations
* From an author who routinely packs the room at his conference presentations

Read more…”


Filed under Books, InfoSec, Leadership, Management, WorldOfSecDevOps

[Recommended Reading] Turing Test

Source: Turing Test Wikipedia

“The Turing test, developed by Alan Turing in 1950, is a test of a machine’s ability to exhibit intelligent behavior equivalent to, or indistinguishable from, that of a human. Turing proposed that a human evaluator would judge natural language conversations between a human and a machine designed to generate human-like responses. The evaluator would be aware that one of the two partners in conversation is a machine, and all participants would be separated from one another. The conversation would be limited to a text-only channel such as a computer keyboard and screen so the result would not depend on the machine’s ability to render words as speech. If the evaluator cannot reliably tell the machine from the human, the machine is said to have passed the test. The test results do not depend on the ability to give correct answers to questions, only how closely one’s answers resemble those a human would give. Read more…”


Filed under InfoSec, People, WorldOfSecDevOps