Eric Humphries
Cybersecurity Lead
More by Eric Humphries
IT Asset Management – Where to Start
Not enough emphasis is given to IT asset management. This is one of the first things an organization needs to get under control before they can really implement any security program.
Vulnerability Disclosure Submission Standard?
This RFC aggregates all of the recommended mailbox names that network and computer operators should setup depending on what public services they offer (You did setup and continue to monitor important mailboxes like postmaster, abuse, and so on, right?).
Firewall Configuration Review
Firewalls are a spot of contention for many within the information security community. Many people put too much faith in a network firewall and assume that because there is one on the network somewhere, that they're “hacker proof.” Others do not put enough faith in a network firewall because many are deployed improperly or they're deployed in the wrong spot on the network, or not enough firewalls are deployed to provide adequate protection within their environment. There are seemingly endless technical challenges when it comes to proper deployment, configuration, management, and review of firewalling technology.
Virtualization Security Resources
This entire blog entry will be a list of places to find guidance in terms of virtualization security and compliance. It is by no means exhaustive; I’ll leave the rest of the resources out there as an exercise for the reader.