Wednesday, April 27, 2016

Book Notes: Beautiful Security and The Myths of Security

Been awhile since I've done any book reviews or the like on this blog.  Am a little behind on my series looking at the "20 Books".

I'd thought I should bring to peoples attention a pair of books that came out a few years ago.  No so much technical security works as more philosophical:  Beautiful Security and The Myths of Security.  Both are from O'Reilly and came out in 2009.  And both share an author (kind of).

Friday, April 22, 2016

New in the Internet of Things

While I await my CHIP to arrive, I thought I'd note some of the other new items that have popped up in the last few months in terms of new boards for IoT.  I think most should be aware of these, but some may not be aware of all of these.

Wednesday, April 20, 2016

Security BSides Tampa Report

On Saturday, April 16th, the third Security BSides Tampa was held.  This year it was hosted at Stetson College of Law- Tampa Campus.  This was the third year of this event, but my first time attending.  I also gave a talk.  They had 3 keynotes, about 15 speakers broken up over 3-4 tracks, and in addition had a Maker/Hacker Space, capture the flag event, lockpick village, and vendor space.

Monday, April 18, 2016

One of my slides from my NIST CSF presentation

When I did my recent presentation on the NIST CSF at BSides Tampa, I had some ask about the source of one of the pictures in my presentation.

All the pictures I got off Google Images, btw.

Here is the picture in question:

The source is this article on the ISACA website, in the section on "Information Security Management at HDFC Bank"

Hope this is of use to others.

Wednesday, April 13, 2016

NIST hosts a Cybersecurity Framework Workshop for 2016

For two days, April 6 and 7 2016, NIST (National Institute for Standards and Technology) hosted a workshop for the Cybersecurity Framework (CSF).  This is the 7th they have held.

In developing the CSF, NIST held a series of 5 such workshops to gather feedback which was used in developing the Framework.  A 6th workshop was held shortly after the Frameworks release.  As part of the process in further developing and supporting the Framework, NIST put our a Call for Information (CFI) on the Frameworks use as well as solicite comments on possible improvements or revisions (say a 1.x update or a 2.0 update).  This CFI ran from December to February of 2016.  This workshop was held to review the outcomes of that CFI, as well as to gather further feedback.

For more info on these past workshops, go HERE.  At present, their report on this workshop won't be available until mid May, however, the webcast recordings should now be available.