So we are living in the information age, so they say. In cybersecurity we constantly find ourselves attempting to defend systems and, ultimately, information. One of the ways we do that is by getting intelligence. It’s kind of like the Maginot Line. The Maginot Line was designed for use during World War Two using a World War One mindset. The line consisted of numerous tunnels, walls, and forts which ran along the border of France and Germany. It was thought that these fortresses would be superior to the trenches experienced in World War I. However, the world changed! While the Germans were not able to rout the occupants of these fortresses, they were able to bypass them and take France.

OK, so intelligence or information informs our decisions. It enables us to focus on what we are trying to protect and, more importantly, the best way to go about it. I’ve divided information gathering in this context into a few categories.

1. Blogs or internet media
2. Vendors
3. People, conferences, and groups

Since we have decided to get more information, how do we know what to trust? The place to start is finding out what other people are doing. For example, check out a blog. I like Krebs on Security. This blog is run by a veteran in the field. He will tell various stories from a unique perspective. In addition, he has invested significant time in creating online personas which have access to the darker side of the web. I also like to check on Bruce Schneier. Bruce is less involved but more academic. Reading his work will help you understand concepts. Lastly, check out some security podcasts. These will typically contain up-to-date information. I typically check on Security Now.

That covers blogs and current events. You can also subscribe to the vendors for the systems you protect. The most obvious example would be Microsoft TechNet. Many people realize that Microsoft has a Patch Tuesday, but not everyone realizes they send out messages about those updates a week before. You can even sign up to get them via e-mail and notifications via Twitter if you sign in with a Live ID. HP is another good example. When you register products, they will notify you via e-mail of important driver and system updates.

Lastly, talk to people. Take a class at a lowly university. If you can get there, go to a conference. You can also join some other organization like InfraGard. The key to all of this is to talk to people! People have experiences and may have considered methods you have not. They may also recommend programs, products, software, and other people!

While all of these ideas are a good place to start, they can’t be the end. One of the reasons it is important to develop and grow a security intelligence network is that threats are ever present. As a professional you must design, document, and tailor your own network. As always, trust what you hear but verify the veracity.