Why the focus on best practices?
I thought I should explain why I'm making and will be making what may look like a lot of posts on best practices. The answer is simple: I'm a firm believer in mastering fundamentals in just about any endeavor. When it comes to security, we need technologies like anti-malware, crypto systems, firewalls, and many more - but they are not enough. We are seeing that with the recent zero-day attacks on Microsoft IE. We can't anticipate all possible attacks and even if we could, attackers would change their tactics accordingly. We need broad-based technologies and practices to protect messaging and Web services.
I will also consider best practices across IT, not just those specifically focused on security or messaging. We could deploy the best anti-virus program, but if we don't have change control and patch management procedures in place, our poor practices can undermine the effectiveness of our defenses.
I'll also address executive management issues on occasion. Security programs can only go so far without buy-in from the top. Compliance has helped raise awareness about the need for broad and deep defenses, so we'll touch on some ways to keep the IT-executive management dialog going. Risk management is a common concern of both IT practitioners and executive management; it's a good place to start the dialog.
There will be plenty of discussion on technical issues in this blog, too. You will be just as likely to find posts on polymorphic viruses and Bayesian classifiers as on policies and procedures. The resources in this community will evolve to reflect the needs of the community. Your feedback is always welcome; if there is a topic you are especially interested in that you think deserves more coverage, please let me know at dan_sullivan@realtimepublishers.net



