July 24, 2006
Good Morning:
Hope everyone enjoyed their weekend. I, for one, had a good one, but it was far from restful. We took the whole kit and caboodle to Chattanooga, TN to meet some friends passing through. It's a fun city with a lot to do for the kids, but let's just say one of my twins is in the throes of the "terrible 3's," so it makes life exciting to say the least.
On the security front, today I'm focusing a bit on management. Not that I really planned it this way, but when I took a look at the interesting articles I flagged over the weekend, most seemed to touch on management in one way or another. To be clear, my position on this hasn't changed much. I don't think security management is a standalone activity. It needs to be subsumed into a bigger log management category or be aligned with operational management capabilities that the NOC and data center folks have been building for years.
Another of my eclectic blog links is this one (here [1]) from Seth Godin. Right, the "small is the new big" dude. I think I'll forgive him for that little transgression (how dare he go against my mantra) because so much of his writing is so insightful. Here he deals with how to give good feedback, and it starts with "it's not all about you." A good part of what I do for a living is to provide feedback and I like to think that I'm pretty faithful to these rules (even though I didn't know about them until yesterday). Whether we do things or manage things or pontificate on things, we all probably provide feedback in one form or another. "Be a mensch" is what my Grandma would say, and that's what Seth outlines here.
Have a great day.
Top Security News
http://www.darkreading.com/document.asp?doc_id=99567 [2]
Technorati tags: security [3], IT spending [4]
http://www.informationweek.com/story/showArticle.jhtml?articleID=190900488 [5]
Technorati tags: insider threat [6], application security [7]
http://www.eweek.com/article2/0,1895,1988869,00.asp [8]
Technorati tags: log management [9], LogLogic [10]
http://taosecurity.blogspot.com/2006/07/sans-log-management-summit.html [11]
Technorati tags: log management [12], SANS [13], SIM [14]
http://www.darkreading.com/blog.asp?blog_sectionid=327 [15]
Technorati tags: SIM [16]
Top Blog Postings
http://mcwresearch.com/archives/237 [17]
Technorati tags: exploits [18], responsible disclosure [19]
http://realtime-itcompliance.typepad.com/itcompliancecommunity/2006/07/have_you_starte.html [20]
Technorati tags: security training [21], Global Security Week [22]
http://www.spamroll.com/blogarch/2006/07/your_site_seems.php [23]
Technorati tags: application security [24], database security [25], penetration testing [26]
http://www.spamroll.com/blogarch/2006/07/popularity_of_a.php [27]
Technorati tags: AV [28], anti-spam [29]
Recently on the Security Incite Rants Blog
Dark Reading's Top 10 IT Security Myths Demystified - Part 1
Over the next week or so, I'll weigh in on Dark Reading's Top 10 IT Security myths and give you my perspective. In this first installment, I take them on relative to whether there is a data security epidemic and the idea of whether Microsoft alternatives are really that much more secure.
http://securityincite.com/blog/mike-rothman/dark-readings-top-10-it-security-myths-demystified-part-1 [29]
EAC Blog: The Age of Research Accountability
The folks at TechTarget were kind enough to allow me to repost the work I did on the Expert Answer Center to my own blog. This post sets the stage by going into a bit about me and why the status quo of IT research made me nuts. So nuts that I decided to do something about it.
http://securityincite.com/blog/mike-rothman/eac-blog-the-age-of-research-accountability [29]
Read Friday's Daily Incite
http://securityincite.com/blog/mike-rothman/TDI-2006-07-21 [29]