User talk:WideClyde

From Wikipedia, the free encyclopedia

Welcome to Wikipedia!

Hello WideClyde! Welcome to Wikipedia! Thank you for your contributions. If you decide that you need help, check out Wikipedia:Where to ask a question, ask me on my talk page, or place {{helpme}} on your talk page and ask your question there. Please remember to sign your name on talk pages using four tildes (~~~~); this will automatically produce your name and the date. Below are some recommended guidelines to facilitate your involvement. Happy Editing! -- —Centrxtalk • 20:33, 7 January 2007 (UTC)
Getting Started
Writing and editing
Getting more Wikipedia rules
Getting Help
Getting along
Getting technical


Information Security

Again, good work. I noted the addition of IA and Computer Security. Aside from fighting urges to wikify, I'll look forward to the finished article. Luis F. Gonzalez 16:21, 15 January 2007 (UTC)

IA Controls

Here's some more information on IA controls AKA security controls:

From DoDI 8500.2 there are 8 in the following two letter acronyms (TLA). Additional numbering adds more information.

  1. DC Security Design & Configuration
  2. IA Identification and Authentication
  3. EC Enclave and Computing Environment
  4. EB Enclave Boundary Defense
  5. PE Physical and Environmental
  6. PR Personnel
  7. CO Continuity
  8. VI Vulnerability and Incident Management

DoD breaks them down per CIA Triad (leg) or IA service.

From NIST Special Pub - SP 800-53 rev 1

  1. AC Access Control
  2. AT Awareness and Training
  3. AU Audit and Accountability
  4. CA Certification, Accreditation, and Security Assessments
  5. CM Configuration Management
  6. CP Contingency Planning
  7. IA Identification and Authentication
  8. IR Incident Response
  9. MA Maintenance
  10. MP Media Protection
  11. PE Physical and Environmental Protection
  12. PL Planning
  13. PS Personnel Security
  14. RA Risk Assessment
  15. SA System and Services Acquisition
  16. SC System and Communications Protection
  17. SI System and Information Integrity

NIST uses DoD methodology by breaking down the control into TLAs and into Defense in Depth (computing) category (People - Technology - Operations/Process).


From ISO 17799

Risk assessment and treatment - analysis of the organization's information security risks

  1. Security policy - management direction
  2. Organization of information security - governance of information security
  3. Asset management - inventory and classification of information assets
  4. Human resources security - security aspects for employees joining, moving and leaving an organization
  5. Physical and environmental security - protection of the computer facilities
  6. Communications and operations management - management of technical security controls in systems and networks
  7. Access control - restriction of access rights to networks, systems, applications, functions and data
  8. Information systems acquisition, development and maintenance - building security into applications
  9. Information security incident management - anticipating and responding appropriately to information security breaches
  10. Business continuity management - protecting, maintaining and recovering business-critical processes and systems
  11. Compliance - ensuring conformance with information security policies, standards, laws and regulations

I've yet to crack open the ISO ref. —The preceding unsigned comment was added by Luis F. Gonzalez (talk • contribs) 17:17, 15 January 2007 (UTC).

Infosec Progress

I've liked what you have done and will start to wiki some links. You may want to mention in the Security Classification section, Multilayer Security (MLS) OSs (a la Orange Book Labeling and certifications, e.g. C2, B2, etc). Luis F. Gonzalez 20:42, 20 January 2007 (UTC)

License tagging for Image:DefenseInDepthOnion.png

Thanks for uploading Image:DefenseInDepthOnion.png. Wikipedia gets thousands of images uploaded every day, and in order to verify that the images can be legally used on Wikipedia, the source and copyright status must be indicated. Images need to have an image tag applied to the image description page indicating the copyright status of the image. This uniform and easy-to-understand method of indicating the license status allows potential re-users of the images to know what they are allowed to do with the images.

For more information on using images, see the following pages:

This is an automated notice by OrphanBot. If you need help on selecting a tag to use, or in adding the tag to the image description, feel free to post a message at Wikipedia:Media copyright questions. 03:09, 21 January 2007 (UTC)

Great work

I just wanted to commend you on your writing of the Information security article. It looks great! If you ever have any questions or need any help with Wikipedia, I would be happy to help. —Centrxtalk • 00:51, 23 January 2007 (UTC)


CIA Triad

Here's an image of the infamous tripod. It can be implied that the Penrose triangle leads to an infinite process, a la ant on a Mobius strip, but what I wanted to mention is that the point of CIA is to protect data-in-transit, data-at-rest and the services providing that data. This is meant as an addition to CIA, but as purpose behind the idealized model.

CIA Triad

Additionally I had some Defense in Depth onions I was working on as well...but hopefully if I ever get some graphics training and time, I'll post them up as well. Luis F. Gonzalez 03:19, 23 January 2007 (UTC)

I do not think there is a policy against image re-use. Wikipedia is just anal retentive to protect itself against the copyright crowd.
Change Management? Funny you should mention that. I'm studying up for the ITIL cert and I'm currently in the Change Management portion of a CBT, which BTW does not have good references. I'd have to dig around for "published" works on Change Management. All I can suggest now is the information on the Change Management (ITSM) link.
MultiLevel security is a pain, but all the TRUSTED OS/DB products are all originally Orange Book concepts that will not die. Mentioning Bell-LaPadula/confidentiality will get it in.
I'm not so sure about the poster, but it gets the point across. Luis F. Gonzalez 06:57, 23 January 2007 (UTC)

Added ConfidentialityIntegrityAvailability.png to image delete page. Obsolete.

Image:ConfidentialityIntegrityAvailability.png listed for deletion

An image or media file that you uploaded or altered, Image:ConfidentialityIntegrityAvailability.png, has been listed at Wikipedia:Images and media for deletion. Please look there to see why this is (you may have to search for the title of the image to find its entry), if you are interested in it not being deleted. Thank you. WideClyde 02:44, 1 February 2007 (UTC)


Parkerian Hexad

I recently had a talk with several (ISC)^2 folks, Dow Williamson and others, and they mentioned no change from the Triad to Hexad. Additionally I don't think the Hexad's elements are atomic, but that's just my opinion. Luis F. Gonzalez 17:32, 23 March 2007 (UTC)

I'm no longer in academia, but I think that John Y wants more academic flavoring in the article e.g. theories, formulas and proofs. But then again that's why I left the tower of ivory. On another topic I personally think the poster is too DoD centric. Luis F. Gonzalez 17:28, 24 March 2007 (UTC)