The sharing of knowledge among security professionals is vital to helping everyone stay ahead of developing threats.
.
A R T I C L E S I A N D I W H I T E I P A P E R S Part 2
The Difference Between Feeling and Reality in Security - Commentary by Bruce Schneier on perceptions related to security
Security is both a feeling and a reality, and they're different. You can feel secure even though you're not, and you can be secure even though you don't feel it. There are two different concepts mapped onto the same word — the English language isn't working very well for us here — and it can be hard to know which one we're talking about when we use the word.
Inside the Twisted Mind of the Security Professional - Commentary by Bruce Schneier on what constitutes the security mindset.
"Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal."
The China Security Threat - Michelle Price, Information Age
Emboldened and supremely ambitious, the ever-formidable Chinese economy undoubtedly presents an exciting emerging prospect in the flattened landscape of globalised commerce. But the proposition is not without significant caveats. Indeed, had China sceptics required any further suggestion that the country’s breathtaking pace of advancement might – at least in some respects – be doing more to indirectly harm Western businesses than to favour them, it has, in recent months, been forthcoming.
Search Security provides several informative articles regarding security certifications:
SearchSecurity.com guide to information security certifications
The vendor-neutral information security certification landscape
Guide to vendor-specific information security certifications
The site also provides questions and answers about certifications and other security issues.
How to Assess Offshore Data Security - Adam Ely, Information Week
The global IT outsourcing trend shows every sign of continuing, with two-thirds of the 2007 InformationWeek 500 tapping offshore outsourcing. With experience, companies get confident in moving ever-more-sensitive IT or business processing work abroad. One of the foremost concerns for business technology managers is exposing data, so here we provide a broad overview of key areas to watch and delve deeper with offshore partners.
Computer Forensics Faces Private Eye Competition - Deb Radcliff, Baselinemag.com
Who has the right to probe digital crime? That very question may be the next battleground between the flatfooted private detective of old and the new-age computer sleuth.
Understanding the Web Browser Threat: Examination of Vulnerable Online Web Browser Populations and the "Insecurity Iceberg"
- Stefan Frei, Thomas Dubendorfer, Gunter Ollmann and Martin May
In recent years the Web browser has increasingly become targeted as an infection vector for vulnerable hosts. Classic service-centric vulnerability exploitation required attackers to scan for and remotely connect to vulnerable hosts (typically servers) in order to exploit them. Unlike these, Web browser vulnerabilities are commonly exploited when the user of the vulnerable host visits a malicious Web site.
Sun Tzu Art of War in Information Article:
Knowledge Strategies: Balancing Ends, Ways, and Means in the Information Age
- Lieutenant Colonel William R. Fast, United States Army
Information age technologies are changing values and national interests, both of which drive the formulation of national security strategy. The strategy equals ends plus ways plus means paradigm must change. Information age knowledge strategy seeks the ends of cooperative and dynamic competition, uses the ways of network node control and organizational adaptation, and requires the resource means of valued information enhanced by experience in exploiting that information. A successful information age security strategy requires that we balance the ends, ways, and means of knowledge strategies..