Get rid of Monday blue - a self-pwned ad from IBM ISS
Posted in /home/open-source, /tmp/others, /var/rant on March 2nd, 2009 by Rick Zhong
What do you think of when you see the pinky pig?
And the balance
is tilted to the pinky pig!!
These three terms (let’s use a short form “PPT”) are very popular among the InfoSec folks nowadays. They were mentioned at least in 4 of the conferences I attended last week. If my memory doesn’t fail me, my first encounter of the usage of these three terms in InfoSec arena was 5 years ago. I was attending a certified information security practitioner course conducted by a Singapore based institute. (I was sponsored for winning an on-line hacking competition :D) I can still remember that DBS internet banking fraud was used as an illustration of vulnerability in business process.
I guess no one will try to argue the validity of PPT in infosec because there are plenty of examples illustrating failed attempts to solve infosec problems with isolated approaches. Among the conferences I attended last week, one is about Vulnerability Management, one is about Enterprise security practices, one is about IT Governance and the other is about Technology Innovation in Banking.
In the VM talk, the idea of staged gap analysis from PPT aspects is a good structured approach besides the usual PPT oriented vulnerability remediation. The Enterprise security talk was not very interesting except the analysis of impact of web 2.0 (or Enterprise 2.0 - usage of web 2.0 in enterprise environment). The speaker from the IT Governance talk listed a few obstacles and hurdles encountered from PPT aspects when pushing information security to LOB (Lines of Business). I like this one very much because this guy showed that he had hands-on practical experiences instead of just big talks and I can actually relate my current challenges in my workplace to his examples.
I will write more about technology innovation in Banking in separate posts because this is the newest portfolio I take up and I am really excited about this global initiative in my workplace. Again we can always use PPT to draft some structured approach on doing innovation, but where is the fun when everything is structuralized?
Just visited a bookshop and saw a whole bunch of new Information security related books … After a quick browsing of the content pages, I found quite a few interesting ones …
1) Exploiting Online Games: Cheating Massively Distributed Systems (Addison-Wesley Software Security Series)
2) Shellcoder’s handbook 2nd Edition (really want to read it to see whether they are using more up2date examples which take new os protection into considerations .. hehe.. despite a few typo errors ..the 1st edition is really good …)
3) Emerging Threat Analysis (From Syngress, a good update to some new infosec areas ..)
4) Hacking Exposed Wireless
5) Cybercrime Investigation (From Syngress, it analyzes real security cases from the management, legal and boardroom points of view)
Added the listings to my coming year must read list …