Wednesday, October 22, 2008

AusCERT

Hello from the train, where I have many of my few rare blogging minutes. I am writing a paper/presentation at the moment for AusCERT, as I haven't been for a number of years and swore to myself that if I went again I would deliver a presentation. I looked at the program for last year and was amazed by the number of vendor tracks. Maybe this is why we have chatter that AusCERT has lost its edge? I guess this is what happened to RSA: it started out technical and crypto and then became a trade show. How do we make the largest conference in Australia better? Relevant topical content, I guess?

---- 
Sent using a Sony Ericsson videophone

Tuesday, October 21, 2008

We need assurance

Was thinking about Mark Snow's presentation at AusCERT and the recent interview with that Geekonomics guy on Risky Business. It would be good to establish a 0 to 5 star labelling scheme for software security, just like the one in place with EuroNCAP for car safety. Who better to establish such a scheme than audit firms?


More car analogies

Security is like car safety: when you have active safety you can avoid incidents, and when you have passive safety you can minimise damage from incidents to the occupants. Active safety in motoring is things like good brakes, headlights, etc.; passive safety is things like air bags, crumple zones, seat belts, fuel cut-off valves, etc. Infosec equivalents for these that let you drive at high speeds and not die in a crash are:

headlights = threat intelligence services and IDS
brakes = ?
fuel cut-off valve = CSIRT
speedo = SIEM
right foot control = risk management
accelerator = risk management framework
crumple zones = DMZ
