Thursday, January 3, 2013

Incident response and insider threats

I mentioned yesterday that I was sorting out what I wanted to accomplish and where I would like to focus my activities in the coming year.  Heck knows, I am nowhere near ready to make a break and start something new or in a different direction.  However, during some of my free time (walking the pooch or driving to work) I've had a chance to mull over additional areas of this niche in computer security. 

One area that fascinates me to no end is the management of the insider threat to the organization.  And I think, to some degree, I want to move into an area where I have the ability to help mitigate and protect from that threat.  By doing so, I'll get to leverage my passion for incident response and to some extent, digital forensics.  At least, it is something to look forward to.

I noticed a post go through my blog reader today that the CERT Insider Threat team released another great resource.  I've just downloaded it:  The Common Sense Guide to Mitigating Insider Threats, 4th edition.  I haven't read it yet (I think I saw it is 144 pages).  I'll get on it shortly.  But, if it is like their book, The CERT Guide to Insider Threats, then I'm sure it will be great.

Something else that is somewhat nagging at me is that I know my technical skills are starting to slip.  (Heck, many, many years ago, my first coding forays were in COBOL; I don't know how much I could write in that language now.)  I know that the DFIR community works a lot in Perl and Python.  I had started to teach myself Python early last year, but without having an active project to work on, I find that I can't keep the skills sharp.  So, I plan to remove the rust and get myself as technical as practical.

Finally, one of the tools I really want to get better acquainted with is Security Onion, a tool that I think has plenty of value for incident responders and network defenders in general.  I just saw today in a post that version 12.04 has been released.
