Fortune Cookie Security Advice – April 2009

Everyone wants information security to be easy. Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking about how security applies to their environment.

Common Sense
I think the key to fortune cookie advice is ‘common sense’ in the context of security.  It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

Fortune Cookie advice for April:

Capability, intent, and focus are the defining aspects to quickly prioritize threats.

The world of information security threats is vast.  We can easily be overwhelmed with different components, processes, impacts, and concerns.  Quickly identifying the benign from the urgent is a competitive advantage.  In order to organize and prioritize, we must have a consistent method to judge criteria.

I submit the three most compelling aspects are related to the attacker who is committing the violation. Their capability to do harm defines the likelihood of a successful attack. The intent of the attacker has significant implications for the likelihood of detecting activity and the persistence of continuing attempts. Lastly, the focus of the attack, whether it is targeting you specifically or just looking for opportunistic victims, completes the overlapping picture to understand the precision of activities.

Given these three aspects, a quick evaluation can be made to determine the severity of the threat and attacks. Of course, this is just the first step necessary for triage; a full evaluation should be conducted for the areas that rise to the top of the severity list.

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost-effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry-leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.