A National Lab's 5 Tips for Better Security
Roger Johnston, a member of the vulnerability assessment team at the <a href="http://www.anl.gov/index.html">Argonne National Laboratory</a> near Chicago, delivered a keynote on Wednesday at the <a href=http://www.usenix.org/events/sec10/tech/>USENIX security conference</a> in Washington.
Roger Johnston, a member of the vulnerability assessment team at the Argonne National Laboratory near Chicago, delivered a keynote on Wednesday at the USENIX security conference in Washington.
Boiled down here from an article posted by eSecurity Planet on his speech, are five tips Johnston says will bolster your system security. (Yes, some have been around for years.)
1. Checking off boxes on a list will not produce better security.
2. Bring in "creative, even rebellious types with the mentality of a hacker" to talk about security, the article noted.
3. Do not delegate security to engineers. "If the only people you have looking at security are engineers, you're in trouble," eSecurity quoted Johnston saying, "In general they have completely the wrong mindset about security." (Argonne boasts on its website that it employs 1,000 scientists and engineers, so, Johnston, presumably, has had experience with this.)
4. Think of security at the beginning of the project, not as an afterthought.
5. Forget thinking that security is a "winnable battle." Vulnerabilities are always there.
NEXT STORY: US-VISIT tests of limited value, GAO finds