Wednesday, July 20, 2011

Shackleford and InfoSec IDGAF

"Speak softly and carry a big stick" rarely applies to Shackleford: his opinions are almost always as blunt and in-your-face as the American Gladiator style weapon he swings is big. And his latest blog post does not disappoint, introducing the concept of IDGAF security and designing for that lowest common denominator. Great stuff. Application whitelisting and NAC are two of my own favorite big sticks (check out Cisco ISE, identity at the packet layer, mmmmmmm), but my only bone to pick is the lack of a definition of the term "traditional" in his statement "Traditional security awareness programs are useless. Give them up. Do it now." My assumption is that "traditional" means a weak security awareness program that exists simply to satisfy a compliance checkbox and has no teeth. With that I would absolutely agree. But when you have technologies with teeth meant to enforce policies, those policies must first exist and second be communicated throughout the business. And that should be done through "non-traditional" security awareness programs.

Oh, who am I kidding? IDGAF.