Wednesday, October 04, 2006

Nice NIST Notes

It’s been wild here in my organization for the last few weeks. My efforts to get InfoSecToday off the ground have been sidetracked more than a handful of times due to work, kids, old diesel cars, etc. For those of you who don’t know me directly, I work for a Fortune 100 (almost) Property & Casualty insurer in the Northeast US. Several weeks ago, not only did we lose our fearless leader in the Info Sec space, but also we were informed that our group is being reorganized into a yet-to-be-determined “matrix” structure. As the Flight Attendants always say – “Please be sure that your seat backs and trays are in the upright and locked position for Landing”… More to come…

Anyway – here is yet more really, really good reading from our friends down at NIST regarding Forensic best practices. If you don’t visit their site often, you should. Located there are sets of docs that can make a great foundation for almost any Standard you need regarding topics like forensics, device configuration, RFID (like we don’t have issues there), SCADA, performance metrics, and more.

One of the problems that I’ve consistently seen across a scattering of IT Security orgs is a lack of basic understanding of what really constitutes InfoSec best practices. Sites like NIST’s go a long way towards bettering our abilities to craft meaningful policies and standards, as well as having a grounding in something that is “external” to our respective organizations. This makes it much easier to be Selling Security to our Business partners.

Lastly (for today) – thanks Mike for the “plog”. (Plugging my Blog)

Anyway –

Bill P
