It’s amazing how much work can accumulate when you’re only gone from the office for two days. You can see from the short list of items today that I wasn’t overly impressed with the content out on the blogosphere. Once you weed out all of the postings about the IBM acquisition of Watchfire and the Julie Amero trial you’re not left with much to talk about 🙂
Here’s the list:
How to Deploy Vista Security—Piece by Piece – I have yet to install Vista but the improvements do make it sound…finally useable 😛
There’s a bushel of security enhancements in Windows Vista—they comprise the most important aspect of the new operating system and the most compelling reason to upgrade, analysts say—but they’re not all perfect, nor are they silver bullets.
Common Event Exchange Formats – XDAS – Wow…this article brings up nearly all of my comments and concerns about “common” formats. Check it out.
CEE, the Common Event Expression standard which is a work in progress, lead by Mitre. I was one of the founding members of the working group and I have been in discussions with Mitre and other entities for a long time about common event formats. Anyways, one of the comments to my blog entries pointed to an effort called Distributed Audit Service (XDAS). I have not heard of this effort before and was a bit worried that we started something new (CEE) where there was already a legitimate solution. That’s definitely not what I want to do. Well, I finally had time to read through the 100! page document. It’s not at all what CEE is after. Let me tell you why XDAS is not what we (you) want:
Could I Have a Side of Fries With That Security Please? – Interesting awareness idea.
Now, I’m not saying you should go out and buy McDonald’s biscuits and burgers, attach a security or privacy motto to them, and hand them out to everyone. Not only would the vegetarians likely be upset, but what company has an information security education budget to be able to afford that? Unless you could get the local McDonald’s…or Culver’s (my personal preference), or Dairy Queen, or Subway, or whatever…to donate enough of their tasty tidbits. Hmm…there’s an idea…
2007 Log Management Survey Detailed – I’m not shocked by the results. Everyone I speak with on the topic indicates that compliance is a primary driver for acquiring a log management solution.
Turns out that despite its importance, security is not the prime motivation for log management. More than half of those surveyed reported operations management and monitoring the health of the network as the prime motivation for using log data. And, 43% indicated compliance with SOX, PCI and other mandates as the top priority.