Latest news
Christopher Alberts is a senior member of the technical staff in the Networked Systems Survivability Program at the Software Engineering Institute (SEI).Before joining the SEI, Christopher was a scientist at Carnegie Mellon Research Institute, where he developed mobile robots for hazardous environments. He also worked at AT&T Bell Laboratories, where he designed information systems to support AT&T's advanced manufacturing processes.
How did you get interested in computer security?
My background is in risk management. Before becoming involved in computer security, I developed techniques for assessing risk on software development projects. Moving to information security risk was a natural progression.
What operating system(s) do you use and why?
The organizations with which we work use a variety of operating systems, so we need to have some familiarity with many operating systems.
How long did it take you to write "Managing Information Security Risks: The OCTAVE Approach" and what was it like? Any major difficulties?
It took us about a year to write the book from concept to completed manuscript. Writing a book requires a significant time commitment. We had a lot of material with which to work. However, it took us a while to sort through all of the information and set a workable scope for the book. In the end, writing the book was a very rewarding experience for me.
The biggest difficulty in writing the book was making a fairly dry subject as readable as possible.
If you could start working on the book all over again, would you make any changes?
We went through much iteration before settling on the format of the book. I don't think that we would make any major changes. However, each time I read it, I find minor revisions I would like to make.
What are your favourite security tools?
When people hear the phrase "security tool," they often think of a tangible product. If you view security tools in that sense, there are many useful products available today. One problem is that not enough people are knowledgeable in the use of those tools.
I like to broaden the definition of "security tool" to include any means that helps to improve security. Security-related education and training is number one on my list. This includes general security awareness training for staff and managers as well as specific technology-related training for administrators.
In your opinion what are the most important things an administrator has to do in order to keep a network secure?
Spotlight
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Is Microsoft is reading your Skype communications?
Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.
Internet Explorer best at blocking malware
Posted on 14 May 2013. | While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.
Researcher refuses to help Saudi telco to spy on people
Posted on 14 May 2013. | You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.
Malicious browser extensions are hijacking Facebook accounts
Posted on 13 May 2013. | Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
