Computerworld - My organization is changing rapidly these days. We're selling our key technology in several global markets, and we're looking for ways to improve the way we work. One avenue is through outsourcing.
After an internal debate about outsourcing our security monitoring work, we concluded that the time wasn't yet right. However, we are ready to outsource other technologies. These aren't core to our business, and they're expensive and difficult to do properly. One such technology is our outward-facing Web site.
THISWEEK'SLINKS
Want to know which legal security issues might affect your organization? From HIPAA to the Gramm-Leach-Bliley Act, you’ll find the details in the Bethesda, Md.-based SANS Institute’s Information Security Reading Room.
Look here for a useful collection of links about important legal security issues.
SECURITY BOOKSHELF:
Know Your Enemy, by Lance Spitzner, (Addison-Wesley, 2001) is an offshoot of the Honeynet Project and sets out to explain some of the knowledge the project leaders have gained from running a honeynet.
Like a honeypot, a honeynet tries to trick an attacker into wasting time and revealing his hand by attacking a fake system. But a honeynet does this on a much larger scale: It appears to be a whole company online, complete with Web, e-mail and domain-name servers.
Spitzner runs an excellent Web site, but the book is disappointing. The writing is stilted and highly repetitive. What’s worse, the book takes a fascinating and enthralling project and trivializes it to a simplistic technical write-up and then pads it out with pages and pages of filler.
The project leaders obviously learned from many failures, but we never get to hear about them. Instead, we get the lessons learned in dry, technical prose. This book fails to capture their pioneering spirit and the risks they took to gather valuable knowledge. That’s a pity, because both the technical knowledge and the personal experience of running the Honeynet Project are fascinating.
Before I specialized in security, my professional background was dark and mysterious. I used to be heavily involved in network provision to the academic community, and as part of this, I was once very senior in the world of domain-name services. This experience encouraged my naturally strong cynicism, as I could have domain-squatted on some
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
