Dailydave mailing list archives

Information Security Principles


From: gf gf <unknownsoldier93 () yahoo com>
Date: Wed, 10 Mar 2004 23:18:34 -0800 (PST)

I recently had the opportunity to meet with the head
of IT Security for a large government agency. 
Although he didn't seem to be an expert on the
technical details (no surprise there), I must admit
that it was enlightening to see how he viewed things:
talking about the goals of security (availability,
authenticity, and confidentiality), risk assessment
and management (see
http://www.microsoft.com/technet/itsolutions/msit/security/mssecbp.mspx
for a good use of this), security policies, and
methodologies.

I realize now that my training and experience have
been mainly in the low-level, applied end - what most
of us would consider the meat - protocols, app
security, OS internals, etc.  I'd like to expand my
horizons a bit, and look at things from the other end
- more general, more abstract - getting the bigger
picture on information security.  Yes, we tend to
write these things off as fluff - but there is
something to be said for them, as well.

What does everyone think about this?

Could anyone recommend a good book on these topics?



