[Ach] 30C3 talk "The Internet (Doesn't) need another security guide"

L. Aaron Kaplan kaplan at cert.at
Tue Jan 14 01:07:24 CET 2014


Hi list,

I finally got around to watching evacide's talk "The Internet (Doesn't) need another security guide" [1]
where she mentions our small project in minute ~ 18 or 19 [2] (Yay! Thanks). Spoiler alert: Eva actually says that we need more (targeted, good, correct and well defined) guides for sure.

It's a good talk and I encourage you to watch it as well.

There are a couple of things that stuck:

1. Eva mentioned that bettercrypto.org could use a section on how to convince your boss that the company needs hardened crypto settings and that the sysadmins should invest time into that. Do you agree with that point of view?
Should we add such a section?

2. Threat modelling: Eva mentioned that most guides first focus on a threat model. We don't really do that so much in ours. 
Are we missing something here?

3. Understanding your target audience: it seems we have been doing something right, because we first focused on our clearly defined target audience. However, I think we need to improve even more in this field: we should hand this guide to multiple sysadmins and let them test the guide and collect as much feedback as possible. 


So much for my thoughts after watching this talk.
Hope my thoughts helped or at least inspired you :)

a.


[1] https://www.youtube.com/watch?v=VHgs3YcxzXw
[2] https://www.youtube.com/watch?v=VHgs3YcxzXw&t=18m0s


--- 
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Company register number 172568b, LG Salzburg



