lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <82abd3a705030405085d3c9423@mail.gmail.com>
From: mikie.simpson at gmail.com (Michael Simpson)
Subject: Things that make you go "Hmmm"

> I agree that it would be nice if we could schedule and plan all of our emergencies according to policy. :-)

that's the whole point of an inclusive policy
to allow you to have a framework for dealing with the unknown.

when we were designing major incident policies we would sit down and
do  "what if" sessions which could get pretty wild
ie "what if the British Petroleum compound at Grangemouth goes up in
flames and turns central scotland into a tar-pit"
and come up with a solution accordingly

now, in the area of operations that you are currently debating there
is a limited amount of things that can happen and they can be fully
identified with a proper approach
-attack trees &c

the british army has a phrase which applies here
"proper planning prevents piss poor performance"

the american simile for this situation would be "clusterfuck"

have a nice day

On Thu, 3 Mar 2005 23:15:15 +0000 GMT, Jason Coombs <jasonc@...ence.org> wrote:
> Matt wrote:
> > In a good company Incidence
> > Response isn't dictated by any of
> > what you said above.  It's dictated
> > by policy.
> 
> Good point. Even in a good company, though, incident response often occurs outside of policy.
> 
> An incident response professional who works for clients during emergencies is presented with variables and circumstances with which to contend, not a policy playbook to follow.
> 
> I agree that it would be nice if we could schedule and plan all of our emergencies according to policy. :-)
> 
> Cheers,
> 
> Jason Coombs
> jasonc@...ence.org
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ