Just some links I found that are useful for basic reading/watching/listening:
I have not yet found a good list of security basics for the IT department of small and medium-sized organizations.
I'm looking, as I want my list to be based on research, not gut.
I was at last year's ShmooCon and there was an EXCELLENT talk on good inexpensive basic security. I had a five-minute talk with the speakers trying to work out a way to extend their talk into a full-blown conference. I was over-reaching. Just now, a full year later, I'm bringing this to your attention.
WATCH THIS FIRST: it is that ShmooCon talk, posted on YouTube.
The first 36 minutes focus almost exclusively on AppLocker, a very useful and important tool in the IT toolbox.
Next up is client-side firewalls, a much maligned and seriously overlooked option that makes a BIG difference in how things work. That is most of what they cover, but listen to the words and concepts. They are talking about the basics, not the fancy expensive stuff. Listen to minutes 47 and 48. Aaron states, "make it too expensive to attack you and they will go elsewhere".
These two succeed in putting good basic security into their environment.
The rest of us should follow suit.
The SANS reading room, basics section.
An older writeup by someone working in the pharmaceutical world. Not great but does have some good ideas.
CSO Online basics series, some of which is very good and much of it is ... not so good. Read carefully.
Mississippi Government page on basic online security which is mostly a group of links, much of which is worth reading.