Tag: organization

  1. DefCon 22 presentation notes

    20 August 2014

    Behind the cut are the notes I took during DefCon 22, organized by name of presentation. Where appropriate I've linked to the precis of the talk. I make no guarantee that they make sense to anybody but me.

    One Man Shop: Building an Effective Security Program All By Yourself - Medic

    • Integrate with environment
    • Continuous monitoring
    • People and Process -> Secure Network Architecture -> Secure Systems Design -> Continuous Monitoring -> External Validation -> Compliance
    • Compliance, per usual, means dick in the final analysis
    • Roughly five year plan w/ deliverables
    • Needs organizational support. Still answers to the Business.
    • Supports, !replaces Business
    • Security will not mature past …
