Top 3 NoVA Infosec Blog Posts of the Week

December 11, 2009

It’s that time of the week again when we bring you the best of local security blogs. But before we get to that, we thought we’d share our tweet of the week along with a #totw that deserves honorable mention to get your afternoon started with a few laughs.

Our official #totw was a RT by @danphilpott

  • Lol. #totw RT @danphilpott: I wonder why when people put computers on the cloud they don’t fall straight through.

Honorable mention belongs to this tweet by @iamnowonmai because it’s so true!

Now, on to the posts!

#3 – Risk acceptance – does it really matter? In this business, we deal with risk. We calculate it and tell our bosses what the risk is, but they decide what happens next: either reduce it or accept it. Wadew asks, “what happens to that executive or government official when the system DOES get hacked through vulnerability with ‘accepted risk’? Do they get fired? Demoted? Ordered to pay restitution losses?” Be sure to read the post here to find out what happens to the executive or government official.

#2 – Assumptions and Dependencies: Leave it to Rybolov to hit the nail on the head when it comes to assumptions and dependencies and why “controls are not one-size-fits-all. Neither are test cases.” This is a must-read post if you work in a “catalog-of-controls culture.” Be sure to read the full post here to find out about tailoring the controls for building security requirements, building test procedures, and assessing risk and performing risk management.

#1 – Embrace Murphy’s Law: “Anything that can go wrong will go wrong.” Planning for anything other than Murphy’s Law isn’t planning. A great post about planning for the inevitable: “Murphy’s Law enlightens us greatly in this regard: if we don’t embrace failure, then failure will embrace us. And, as no position is absolutely defensible, it seems that a good place to start embracing Murphy’s Law is in enhancing system and process recoverability.” Be sure to read the full post here to be better prepared for system failures and see some of the recommended practices.

Well, that’s all for this week. Be sure to check back next week for more great blog posts from local security bloggers.
