This talk will discuss the very dry subject of asset management and configuration standards as they apply to defensive information security. We will address the need for asset and configuration management, and critically compare the standards presented by NIST Microsoft, Apple, the NSA and other groups. Practical suggestions for both defensive asset configuration strategies, and loss prevention through software (and why it doesn't work very well) will be discussed, as well as the value of large, invasive asset tracking services. There will be little or no discussion of attribution, "cyber" or "cybering", and no spreadsheets will be harmed during this presentation.
Bio: Caspian Kilkelly (@randominterrupt) works for a large, busy Canadian University as a security specialist. He has 15 years of experience with layer 8 of the OSI model, as well as most of the others. Caspian has worked for or with all sorts of shady characters, startups, circuses, and large insurance and financial organizations. He has managed to turn most of it into interesting stories, but still can't figure out how to convince his user community not to open that damn zip file full of "smiley face icons".
If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek