Posted by cadsmith on January 16, 2011
Automated testing improves usability. Ten ways good and bad hackers operate. PQ Labs SDK can handle 32-finger touchscreen. Stack Exchange has an answers community. Newsle filters friends in the news. DIY combines real and animated video. PixelOptics automatically focuses eyewear. Drones used for construction. Scooba robotic washer updated. Growbots learn on their own. New consumer bots shown at CES 2011. Vanishing commons and means of dissent point to global elite. Wall Street has its own code. Political implications of networking hint at Machiavelli 2.0. JFK Library now digital. Mass. Workforce Training has grants. Globalization may be superseded by the Walled Wide Web. Universal Electronic Card implemented in Russia. Bulgarian cybercrime expert missing. Tunisian cyberattacks linked to government. Superstreet routing has smoother, safer traffic. Snowmobiles are fitted for all-weather racing. Fruit flies do computation. 34,000-year-old organism found alive. There were 25 recent links.
Chapter 7 has testing recommendations. The goal is mitigation of risks due to threats and vulnerabilities. Security testing paths include reconnaissance, network mapping, vulnerability testing, and penetration testing. Scans show vulnerable services that require a patch. Configuration hardening turns off unnecessary services. Covert testers act like hostiles. Intrusion detection systems may be network-based or host-based. A Security Information and Event Management system organizes log files. Benchmarks include ISO 27002, NIST SP 800, ITIL, COBIT, COSO. The Disaster Recovery Plan can be tested using checklist, structured walkthrough, simulation, parallel or full-interruption. A security gap analysis compares what the system has with what it needs. The book has 3 parts, 15 chapters with quizzes, and 4 appendices. There is a comprehensive glossary of key terms, and a list of references. The rest of the book covers preparation for the Systems Security Certified Practitioner.