
Unified theory of Information Security

Let's call this a If we use the building metaphor for infosec to talk about the industry

Vulnerabilities vs. weaknesses vs. compliance findings (need clearer definitions)

Consultations are going to an architect to see if an idea is solid or can be implemented better.

Threat modeling is walking through a complete blueprint, discussing security best practices, weaknesses in the design, and zoning/safety laws (compliance).

White box security testing is a walkthrough and inspection with some gentle use to make sure you were built up to code and no defects popped up because substandard materials got into the build. (Shit happens.)

Black box security testing or black box penetration testing is asking a security company to assess you like an attacker would. 

Vulnerability management would then be regular inspections for mold or wear and tear damage. 

Incident response is an emergency repair team that can be called on for many reasons. They can implement quick fixes and catch a lot of things, but sometimes they'll need to re-engage the architects/assessors/builders of the application.

