Tuesday, January 18, 2011

Improvement and Education in the Security Community

Those of you who know me will know how keen I am on helping the continued professionalisation of information security, and in providing training, guidance and steer back to the community. I get a lot of queries from individuals in IT or Information Security roles asking for more ways to get information, improve their skillset or even just to learn from others.

Many of you may be familiar with the Stack Exchange family of websites - a question and answer site using reputation weightings to help individuals find answers that they can trust.

We have been working with a new one - Security Stack Exchange - near the end of its public beta - that aims to provide security professionals with a forum thttp://www.blogger.com/img/blank.gifo ask or answer questions around security, risk, governance etc.http://www.blogger.com/img/blank.gif

Some examples to show the range of questions already on the site:

Securing the security guy's home office: what should we do?
http://www.blogger.com/img/blank.gif
Although Incident Response is often handled well in larger organisations, it is very relevant for smaller companies

Establishing routines on what to do if a PC gets stolen?

Security around database password hashing:

If I hash passwords before storing them in my database, is that sufficient to prevent them being retrieved by anyone?

If you deal with information or IT security, governance or risk your input could be very valuable, or if you have questions in these areas someone on the forum could help you out. Either way, have a look and see what you think.

No comments: