The InfoSec Blog

System Integrity: Without Integrity you don’t have Security

November 18th, 2006

Encyclopedia of IT terms

CMP ChannelWeb have an on-line encyclopedia of IT terms. This is a useful addition to my toolbar for composition, along with a more conventional dictionary.


The definition of ‘information security’ seems limited to access control, which is very disappointing. The definition for ‘computer security’ is more comprehensive. Nevertheless, to a security professional both these definitions are lacking.

What screams out to me, and this is very obviously my bias, is the lack of any mention of INTEGRITY in these definitions. As I keep pointing out, if you don’t have integrity, any other efforts at security, be it information security, or “Gates, Guards, Guns and Dogs” physical security, be it backup and disaster recovery, be it access control, be it 1024-bit SSL, are all going to be pointless.

It’s not until we follow a few links at the Encyclopedia and come to a mention of Donn Parker’s six fundamental and orthogonal attributes of security that there is mention of ‘integrity’. Even so, that definition has only a link to ‘data integrity’. There is a separate definition for ‘message integrity’. While these specific items are important, they are details. What is lacking is a general definition of “Integrity”. Once again, Fred Cohen’s seminal 1997 article on the importance of Integrity comes to mind.

No, a much better reference is Rob Slade’s “Dictionary of Information Security”, which, of necessity, encompasses many IT terms.

October 21st, 2006

The CISSP Forum FAQ

It’s one of those bootstrap problems - the new CISSPs who need to read the information can’t get at the FAQ on how to sign up for the CISSP Forum because they need to be members of the forum in order to read the instructions.

Yes, I know the information is at the (ISC)2 web site, but that’s an incredibly difficult site to navigate.

Because of this, Gary Hinson and myself, each quite independently, took the CISSP Forum FAQ and converted it to a web page, adding hyperlinks etc. The two pages are at:

Both sites are very rich, but very different in nature. Gary makes use of custom mind-maps to assist in navigation, whereas the Wiki allows for registered members - CISSPs - to contribute.

The CISSP Forum at YahooGroups is very active. It is not a purely technical group, but an active support group for CISSPs. It handles well over 1,000 messages a month and is the kind of “social network” that some vendors would pay millions of dollars to own - if it wasn’t a closed group that spurns advertising.

The astounding thing is that so few CISSPs know about it. (ISC)2 seems to make no effort to publicise it to people as they gain their certification.
If you are a CISSP, visit either of those two pages, or better still go directly to the (ISC)2 web page for registration - https://www.isc2.org/cgi/cissp_forum.cgi - and sign up.
