-
Recent Posts
- Case Study: Incorporating Disruptive Technologies into Existing Products (part 3)
- Case Study: Incorporating Disruptive Technologies into Existing Products (part 2)
- Case Study: Incorporating Disruptive Technologies into Existing Products (part 1)
- Incorporating Disruptive Technologies into Existing Products
- Investing in Disruptive Technologies
Articles
Major articles in chronological order:
Archives
- May 2020
- April 2020
- March 2020
- February 2020
- December 2019
- November 2019
- October 2017
- August 2017
- July 2017
- November 2016
- July 2016
- June 2016
- August 2015
- July 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
Categories
Category Archives: Security
SCAP Workbench
SCAP Workbench allows you to select SCAP benchmarks (content) to use, tailor an SCAP scan, run an SCAP scan on a local or remote system, and to view the results of a scan. The SCAP Workbench page notes: The main … Continue reading
Posted in Security, System Management
Leave a comment
Running SCAP Scans
The previous article introduce SCAP Content, which can be used to drive automated audits. OpenSCAP can be run from the command line, but there are easier ways to do it. OpenSCAP support has been integrated into Red Hat Satellite and … Continue reading
Posted in Security, System Management
Leave a comment
Security Tests – SCAP Content
The previous article introduced SCAP technologies. While the SCAP technologies are interesting, they have limited value without security content – the actual set of security tests run by SCAP. Fortunately there is a good set of content available that can … Continue reading
Posted in Security
Leave a comment
SCAP Component Technologies
The previous article introduced the concept of security guides as executable content and introduced SCAP. We’re going to dig into SCAP in a fair amount of detail. So, let’s start by covering the various technologies that make up SCAP: XCCDF … Continue reading
Posted in Security
Leave a comment
Security Audit Automation Made Easy with SCAP
The last article introduced the US National Checklist Program. Security automation can be defined as the use of standardized specifications and protocols to perform specific common security functions. Which leads us to SCAP – the Security Content Automation Protocol, an … Continue reading
Posted in Security
Leave a comment
Security Checklists and the US National Checklist Program
The last article introduced the need to automate security. If you are going to perform a security audit you need a checklist. Let’s spend a minute on this. If you want a predictable outcome, you need a standard process – … Continue reading
Posted in Security
Leave a comment
Automation – a Security Imperative
The last post concluded with the cry “there has to be a better way!”. So far we have established: Security Guides are a good idea and exist in almost all organizations. Security audits are good and widely used. Security guides … Continue reading
Posted in Security
Leave a comment
System Audits – There Has to be a Better Way!
The last post laid out guidelines for a security guide. We’re now at the point where we can discuss a system audit. We have defined what an audit is, what security requirements are, and what a security guide is. At … Continue reading
Posted in Security
Leave a comment
High Level Requirements for a Security Guide
The previous post explored the kinds of information that might be in a security guide. Let’s lay out some basic requirements for a security guide: The security guide must exist. It must be available, updated, and maintained. The security guide … Continue reading
Posted in Security
Leave a comment
What is a Security Guide?
The last article introduced the concept of a security guide – but what is it? In many cases a security guide is a binder full of often vague, occasionally overly specific and sometimes conflicting requirements. It has usually grown and … Continue reading
Posted in Security
2 Comments