I love this and tend to use it as a starting point for a discussion with people, especially non
techie people.
10 Immutable Laws of Security
It was posted back in early 2000's and I think is still relevant.
Another Microsoft product that I like is this
Microsoft Security Assessment Tooltechie people.
10 Immutable Laws of Security
It was posted back in early 2000's and I think is still relevant.
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer any more
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer any more
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer any more
Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn't practical, in real life or on the Web
Law #10: Technology is not a panacea
Another Microsoft product that I like is this
Expect to spend at least 20 minutes filling it in. Then save the report off for comparison for again.
Found this book, ISO 27001 in a Windows Environment, nice easy read by an Irish man Brian Honan Link
For passwords, Steve Gibson has a password generator on his site, very cool
Password generation
and a password checker (how long to brute force it)
Password Haystack
A port checker
Shields Up
And so much more, go check it out www.grc.com
Where did this all come from, ISO 27001 requirements.
1 comment:
Thanks for the kind comments on the book Joe. Very much appreciated
Post a Comment