Archive for June 9th, 2008

Develop your Business Continuity and Redundancy Plan

June 9th, 2008

This is an old topic, but it's not an easy one. Every day, IT managers face the same questions: how do we ensure business continuity? What is the proper level of redundancy to balance continuity against cost? Redundancy and complexity can themselves introduce additional potential failures and issues. So redundancy is not the silver bullet for continuity, not to mention the cost.

I have been working on this for a while. I don't have the budget for a consulting project to help me get a comprehensive and holistic picture. I have to do it by myself.

As the first step, I am considering the methodology. The diagram below is the draft in my brain.

Categories: -English-, Security

[Chinese] NIST Releases a Draft of the Common Configuration Scoring System (CCSS)

June 9th, 2008

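On May 30, NIST (the U.S. National Institute of Standards and Technology) released a draft for scoring security configurations. Its full title is: NIST IR-7502 DRAFT The Common Configuration Scoring System (CCSS).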

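CCSS is a standard set of measures for the characteristics and impacts of software security configuration issues. CCSS can help organizations make sound decisions when addressing security issues, and it can also provide data for a quantitative assessment of a host's security posture. Structurally, CCSS borrows from CVSS, but it has been specifically adjusted for software security configuration issues (CVSS focuses on software flaws and vulnerabilities). As we know, the security of a software system is not only a matter of the security of the software itself; to a large extent it also depends on installation, configuration, and operational management.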

According to reports, NIST also plans to extend CCSS to include environmental metrics as well.

Categories: -Chinese-, Security