Initial Thoughts on Visible Ops

I just finished listening to a Webcast offered by Tripwire titled Security Compliance: Revving Up for Regs with a Unified Strategy. To be honest, I don't think the presenters used their time appropriately, and I think the material was not conveyed very well. I listened, however, because I have learned of a book by Tripwire co-founder Gene Kim called Visible Ops. Visible Ops is a four-step methodology to implement the IT Infrastructure Library (ITIL). Tripwire describes ITIL as a framework "for assuring effective, verifiable, repeatable IT change and system configuration management processes."

The Visible Ops four step process is:

  1. Electrify the fence and modify first response.

  2. Catch & release and find fragile artifacts.

  3. Establish repeatable builds.

  4. Establish a repeatable build library.


This Computerworld rticle from last year provides a good explanation and introduction to these ideas.

The Visible Ops authors donated the results of their research to the Information Technology Process Institute (ITPI).

More information on Visible Ops is available through Tripwire. Thank you to Ron Gula for informing me of Visible Ops. Ron has a white paper explaining how his company's products help customers implement this framework and thereby improve their security and performance.

During the Webcast I was reminded of the new ISO/IEC 17799:2005 standard just released. Related information is posted at ISO 17799 News. I also heard that NIST 800-53 includes a mapping of its guidelines against the new ISO 17799, DoD Instruction 8500.2 (.pdf), DCID 6/3, GAO Federal Information Systems Controls Audit Manual (FISCAM, .pdf), and NIST 800-26.

To hear the NIST perspective on these standards, straight from Dr. Ron Ross himself, check out his recent presentation (.ppt) to my local ISSA chapter.

Comments

Post a Comment

Popular posts from this blog

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti...
Read more

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technica...
Read more