By Bradley Susser’s Blog bot24.blogspot.com
Science papers direct link
I like Back to Basics where the paper reviews our bad security model – which used to work as networks were small and fixed computers on the inside protected from systems on the Internet.
Today our security model is where new devices get set up internally, or malware is on the inside network which are not secure and could be compromising the Internal network. Or the cloud has permissions and could be compromised in new ways.
The network is no longer a fixed type, there are a lot of grey areas. The suggestion is to increase the granularity of the network building blocks where security can be tested or builtin. Sort of like testing the network traffic packet by packet. They are also discussing building blocks in the virtual machine area, where each application is tested.
the idea is to get people thinking closer to 100% secure environments, rather than the risk based models today.
The Kill chain discussing the Target data breach is also on this site. The details of the target 40 mil credit card number stealing.
default account name on BMC software was one of the culprits, one needs a good testing plan, both internal testing and external independent audits/or scans.
(We can do an independent audit /scan of your network)
There are many other good papers.