@puniko I hate how much of the infosec industry consists of just checking checkboxes rather than actually understanding what you're securing or why
Uncategorized
4
Posts
2
Posters
0
Views
-
@puniko I hate how much of the infosec industry consists of just checking checkboxes rather than actually understanding what you're securing or why
-
@puniko I hate how much of the infosec industry consists of just checking checkboxes rather than actually understanding what you're securing or why
-
@serafine @puniko I was thinking more about the fact that infosec people just read whatever the news says and then do it in the most half-assed way possible.
For example they might set up logging on absolutely everything and have a flood of crap, because that's what they heard at a conference or whatever.
But it's the opposite of what you should actually do, you should log everything you need to detect something, and then make sure you can actually respond to the thing you need to.
But nah, just enable monitoring on 5 bajillion things and now you have a control panel with 200 flashing red lights 24/7, 90% of which are false positives and you don't have the people or knowledge to filter out the 10% you need to care about and then action on it. -
@serafine @puniko I was thinking more about the fact that infosec people just read whatever the news says and then do it in the most half-assed way possible.
For example they might set up logging on absolutely everything and have a flood of crap, because that's what they heard at a conference or whatever.
But it's the opposite of what you should actually do, you should log everything you need to detect something, and then make sure you can actually respond to the thing you need to.
But nah, just enable monitoring on 5 bajillion things and now you have a control panel with 200 flashing red lights 24/7, 90% of which are false positives and you don't have the people or knowledge to filter out the 10% you need to care about and then action on it. -
R relay@relay.mycrowd.ca shared this topic
