I love this and tend to use it as a starting point for a discussion with people, especially non-techie people.
10 Immutable Laws of Security
It was posted back in the early 2000s and I think it is still relevant.
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer any more
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer any more
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer any more
Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn't practical, in real life or on the Web
Law #10: Technology is not a panacea
Another Microsoft product that I like is this Microsoft Security Assessment Tool.
Expect to spend at least 20 minutes filling it in. Then save the report for comparison later.
Found this book, ISO 27001 in a Windows Environment, a nice easy read by an Irishman, Brian Honan. Link
For passwords, Steve Gibson has a password generator on his site, very cool.
Password generation
and a password checker (how long it would take to brute-force it).
Password Haystack
A port checker
Shields Up
And so much more; go check it out at www.grc.com.
Where did this all come from? ISO 27001 requirements.
Thanks for the kind comments on the book, Joe. Very much appreciated.