I was reading the post that I just published when I noticed that the post right before it was complaining about attempts to standardize diversity, the curse of the “best practices”. The funny thing is that in the last post I tried to make the case for a big standard, that would probably end up [...]
I was happy to find Anton Chuvakin’s post about the issues of doing security based on risk management a few days ago. As I said on my Twitter, “discussions about decision making (risk based vs. others) is the only thing interesting for me today on the security field”. Anton made a very good summary about [...]
Probably not enough content for a post, but certainly for a tweet
It’s common to see in security standards, frameworks and best practices a lot of “standard” ways of doing things like access control and patch management. The problem is that organizations are extremely different from each other, not only in technology but [...]
New Firefox versions will warn you when your Flash plugin is out of date.
This is a cool idea and will help users that are not aware of the need to update software like Flash and Acrobat Reader. I can also see this as the beginning of a trend to centralize the updating of all the crap we [...]
I was reading this article about AppLocker, the application control system from Microsoft that runs on Windows Server 2008 R2 and Windows 7 clients. There seem to be some very good improvements there, especially the “automatic rule creation” part.
In short, an organization can build its “gold image” desktop, with all necessary apps, and run the automatic rule [...]