Salty On Security

Opinions about security and organization health.

About

Security is misunderstood. It’s not as complicated as it seems, and there’s a lot of common sense available if you want it. Furthermore, the practices that make products and organizations excellent tend to also generate strong security. I’d like to share these with you.

Recent Posts

CIS 13.9 - NAC

CIS 13.9 is heavy.  It requires big investments in the most expensive network gear, requires a fair amount of work to maintain, and can break systems if people make mistakes.  It provides good protection from expert onsite attacks: nothing gets to talk unless it’s allowed.  

CIS 1.3-5 - Discovery

CIS 1.3 - 1.5 use technical solutions to find all the IT Stuff for you, and report it back to your central inventory. They suggest three approaches, but there are bunches.

CIS 1.2 - Standard Work

There are several standard processes that most organizations will need to keep the inventory healthy and credible. Some can be integrated with existing processes, but none can be totally eliminated. CIS 1.2 prescribes the largest and most important kind of standard work: triage.

CIS 1.1 Part 2 - Useful Information

CIS 1.1 contains the core mission of CIS 1: have an accurate Inventory of IT Stuff.  The other CIS 1 controls are just supporting ways that help deliver that core mission.