Monthly Archives: November 2014

Security Checklists and the US National Checklist Program

Posted on November 24, 2014 by Russell Doty

If you are going to perform a security audit you need a checklist. Let’s spend a minute on this. If you want a predictable outcome, you need a standard process – a standard set of steps to go through to … Continue reading →

Posted in Security | Leave a comment

Availability of OpenLMI in Various Linux Distributions

Posted on November 19, 2014 by Russell Doty

A quick update on the availability of OpenLMI: I have tested Fedora, RHEL, CentOS, and OEL servers using the LMI CLI running on a Fedora system – the cross platform access works. Fedora Fedora is the primary development platform for … Continue reading →

Posted in System Management | 2 Comments

LISA’14 – Are We Making Linux Too Easy?

Posted on November 18, 2014 by Russell Doty

LISA’14, the Large Installation System Administration conference, was held in Seattle last week. I had the opportunity to give a talk on Server Management – if you are interested, the slides are available here. One of the questions caught me … Continue reading →

Posted in System Management | 8 Comments

Automation – a Security Imperative

Posted on November 18, 2014 by Russell Doty

So far we have established: Security Guides are a good idea and exist in almost all organizations. Security audits are good and widely used. Security guides are often poorly written, subject to interpretation, and difficult to apply. Security audits are … Continue reading →

Posted in Security | Leave a comment

System Audits – There Has to be a Better Way!

Posted on November 10, 2014 by Russell Doty

We’re now at the point where we can discuss a system audit. We have defined what an audit is, what security requirements are, and what a security guide is. At the most basic level, a system audit involves examining a … Continue reading →

Posted in Security | Leave a comment

High Level Requirements for a Security Guide

Posted on November 6, 2014 by Russell Doty

Let’s lay out some basic requirements for a security guide: The security guide must exist. It must be available, updated, and maintained. The security guide must incorporate relevant government and industry requirements. The security guide must be actionable. If it … Continue reading →

Posted in Security | Leave a comment

What is a Security Guide?

Posted on November 4, 2014 by Russell Doty

In many cases a security guide is a binder full of often vague, occasionally overly specific and sometimes conflicting requirements. It has usually grown and evolved over a number of years and is written by and for people. Thus, many … Continue reading →

Posted in Security | 2 Comments

	“Christensen d… on Innovation
	Russell Doty on Building Successful Products
	Stephen John Smoogen on Building Successful Products
	Russell Doty on Building Successful Products
	Stephen John Smoogen on Building Successful Products

Monthly Archives: November 2014

Security Checklists and the US National Checklist Program

Availability of OpenLMI in Various Linux Distributions

LISA’14 – Are We Making Linux Too Easy?

Automation – a Security Imperative

System Audits – There Has to be a Better Way!

High Level Requirements for a Security Guide

What is a Security Guide?

Recent Posts

Recent Comments

Archives

Categories

Meta