I received a couple of emails in regard to some of my posts where I
refer to the fact we must have a “higher level” of thinking when it
comes to information security. The question in these emails asks just
what higher level means… and what it consists of.

I wish I could take credit for this type of thinking, but it really
was taught to me by Kevin Day. However, I don't mind passing it on to
you to further that knowledge to others. Most of this is ripped from
his book “Inside the Security Mind”, and I highly recommend you check out the book if you don't already own it.

When looking at infosec as a whole, we have got to stop worrying about
the next whiz-bang security tool and start thinking about security best
practices that, when followed, will help to keep an organization safe.
Even though the security landscape is constantly changing, these
practices (when applied) will adapt to the highly dynamic nature of
information warfare and allow you to repel your adversaries without
much incident. And that is what makes a higher security mindset.

So let's talk about seven best practices that, when applied, will do
more to protect you than running to buy the next whiz-bang security tool
uninformed. . . .
[Dana Epp's ramblings at the Sanctuary]