Protection Profiles


I'm back in school now. There's only a short break between Spring and Summer Classes. My past courses were over Network Security Architecture, Cryptography, and Risk Assessments, which encompasses what I would consider the technical parts of Information Security. Unfortunately, information security is about half technical and half accounting. I'm into the accounting part now. My latest course is called "Trusted Systems", which really doesn't give you any idea what it's about. It's about Protection Profiles. A protection profile is a formal specification of security requirements for a commercial system. Basically, if you wanted to protect your "widget server", you would write a protection profile that details the requirements and throw it out to a security vendor and say "Make that!" No one implements security in this way. You know who does? The Feds. In fact, all the documents on how to write a protection profile are written by federal agencies. So to sum it up, I'm taking a class on how to Specify Security Requirements the way the Federal Government does. (I'm MMMMMMMMMEEEEEEEEEEELLLLLLLLLLTTTTTTTTIIIIIIIINNNNNNNNNNG)

1 Comment

One thing I must add to this comment from my experience working for the mother-ship. Do not try to implement DOD or Federal recommended security settings unless you KNOW WHAT YOU ARE DOING! You can break a lot of shit!


Reading

I just finished Cordelia's Honor by Lois McMaster Bujold, which is the first book of the Vorkosigan Saga.
Very good book, but the Sci-Fi bits are really secondary to the story.

Right now I'm reading The Lost Fleet Series by John Hemry/Jack Campbell. It's sorta Honor Harrington but not really, though Honor Harrington even goes downhill in the later novels.