Top 3 NoVA Infosec Blog Posts of the Week

June 22, 2009
By grecs

While posts from local bloggers seemed a little scarce this week (due to Father’s Day, perhaps?), we still have some awesome posts to feature.

While we only feature three posts every week, don’t forget that you can also check out our list of local security bloggers to get even more quality information during the week from the area’s very best.

#3 – Security as Rhetoric: Do you ever get tired of telling your managers or potential clients that “security is a process, not a product?” If so, you’re not alone, since @electricfork wrote an entire post dedicated to this dilemma. Saying that “I do not like the expression anymore than any other watered-down talking point that politicians use on an election year,” @electricfork presents some possible replacements for the often-quoted phrase, such as “security is a characteristic” and “security is a system of combined systems.” If you’ve got your own idea of what phrase to use instead of “security is a process, not a product,” or think that the phrase should stay in common security jargon, be sure to read the post and add to the discussion.

#2 – Why CSC Fails: For those of you who have read the 20 Critical Security Controls list that was released in May, chances are that @cyberhiker is preaching to the choir when he shares some of his concerns about CSC in his latest post, “Disturbing Trend.” In his post, @cyberhiker has this to say about CSC: “So where is the part about laying down a strategy or developing an initial policy that needs to be followed[?]” He goes on to note that CSC doesn’t seem to be concerned with system-specific risk analysis anymore, and has relegated the security process to a ‘top 20’ list, with managers being most focused on numbers 1-20, and relatively unconcerned with risks that fall outside the list. To hear more of what @cyberhiker has to say, you can read the full post here.

#1 – Sanitize Those Web Apps: In the first blog post of what will be (we hope) a fairly long series, @geminisecurity discusses the often-overlooked topic of cleaning up web apps. Writing that “[c]leaning such data is vitally important in maintaining the security of a website or web application,” @geminisecurity offers some helpful tips on how to keep your web apps squeaky clean. Since we’re running out of clever euphemisms for keeping things clean, we’ll just let you read the post for yourself.

Well, that’s all for this week. Be sure to follow me @grecs during the week for more great posts from local bloggers. And a happy belated Father’s Day to all of you Dads out there!

o o o o o

Speaking of great local bloggers… we’re looking for some great guest bloggers to feature on NovaInfosecPortal. If you’re interested, feel free to contact us or send us a tweet.
