I feel like I've been a slack dog when it comes to blogging substantively lately, and it's probably true. Mea culpa. The good news is that I have a few ideas that I'm working on, and will hopefully get to sooner than later. I've recently started a new consulting engagement, so my attention has been detoured by that. With a little luck, I'll get back into form and get some things together.
Reader poll: What do you consider to be cornerstone concepts in security? Please post your thoughts in the comments. Why? Because I'm thinking of starting a new line of security posts "Cornerstone Concepts in Security" - that's why. :) Right now I have "accountability & enforceability" and "data classification" and maybe a couple other ideas, but that's about it, and it seems rather pathetic.
What I mean by "cornerstone" concept is this: if you strip down infosec to its foundations, removing all the tech-specific gobbledygook, what does that leave you? What are the core minimum concepts that need to be enacted in an infosec environment? Policies are a core thing, but I don't consider them conceptual. Get what I'm saying? Please let me know what you think.
I also still owe a thought piece on key mgmt... again, mea culpa, coming sooner than later! :)