Open Source and information security mailing list archives
From: purdy at tecman.com (Curt Purdy)
Subject: NASA experience

> From my experience working at NASA (Moffett Field as an intern one
> summer) was that their IT department (in my building) was good at what
> they did but had a pretty restrictive security policy (which is a good
> thing I guess).  So I would rate them as excellent although too
> restrictive.
> --
> Jason Freidman <jason.full-disclosure@...pnski.com>


Since a primary tenet of all good security policies is the principle of
least privilege that basically states that no one should have more access
than the absolute minimum necessary to do their job.  Of course no one
really does this that I have seen.  But a good yardstick of your security
policy and implementation is if everyone complains it is too strict.

As long as you have the support of management, this is when I feel most
comfortable.  It looks like NASA is doing it right, which I have always
heard.  Being ahead of the curve, 4 years ago they instituted a comprehensive
vulnerability assessment and patching and remediation program that turned
the hostile penetration rate from over 20% to less than 1% in a year.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
