- Patching is more than updating software; it requires testing and scheduling.
- Penetration tests, if not done after each release, are no more than a placebo.
- Employees are the weakest link in the chain, due to socially engineered attacks.
- Passwords that can’t be changed easily are no longer performing any security function.
- Securing an environment requires constant vigilance and work.
- Developing code requires education and review to make sure no breaches are introduced.
- The building’s environment can be a source of security holes.
- Creating digital bulkheads, or kill switches, will enable the containment of a breach.
- Managing a security breach requires level-headedness and good internal communication.
- You will grow to a point where a dedicated resource is needed to manage security.
#ThinkLikeACTO #Security #ChapterSummary #Chapter12 #Patches #KillSwitches #SecureBuildProcess #PenetrationsTests
Courtesy: Alan Williamson & Manning Publications