An Open Letter, A Call To Action Cyber security has reached a complete state of…
The job of keeping up with latest threats and vulnerabilities is a daunting task for security professionals. There are many excellent resources for both threats (for example, Symantec DeepSight data feeds) and vulnerabilities (DHS National Cyber Security Division/U.S.-CERT). But it still requires skilled human effort to synthesize which assets in an organization are impacted by the threats, and interpret vulnerability information to understand how likely the threats are to the business, given the current controls that exist. As I’ve discussed earlier, investing in an information security risk management program is the way solve this problem in a way that maximizes benefit to an enterprise’s business.
However, you may also just want to find out what everyone else is talking about. I recently found a new service called MustExist that does this based on mining the huge data sets generated by Twitter communities. One area (among others such as healthcare) that they have targeted is information security. For example, right now the hottest topic of discussion is sort of a self inflicting wound – a phishing attack on Twitter accounts, designed to steal user names and passwords. You can also find popular tools that security engineers are using, such as a cheat sheet for the latest release of Nmap.
So, maybe it’s not something to build your security strategy around. But I’d say it’s fun and useful.