As I dig through the piles of emails and snail mail on my desk from vendors and such I found a great email from a colleague. I think this one is worth passing along. Often security types are stuck with the “OK, now what?” question. We can never know everything about this field. It just isn’t going to happen. We tend to be jack of all trades and master of none. As a result we need all the help we can get and we resort to sharing tools with others in our field that can help us get where we need to go.
One such tool is the Security Technical Implementation Guides or STIGS, from DISA. These are generally kept rather current. A nice free resource.
Give it a whirl. (thx Dr. Jones)
(CC licensed image from boojee’s Flickr stream.)