Technical Security

Information Security Professiona
Employees probably are most fascinated by the cool, “sexy” tools like firewalls and biometric systems. If you are offering training, you can touch on those technologies. But the reality is that the boring, mundane administrative topics like policies and passwords are most relevant to them. And, admittedly, these subjects are easier to “get.” Training should focus on them.

Still, it makes sense to touch on some of the common types of information security hardware, and on “big-picture” concepts like the workings of the Internet. An overview of the “propeller head” stuff provides a framework for why certain seemingly arbitrary rules (such as not sending confidential information in a “regular” email) need to be followed. Also, understanding how IP addresses work can help people understand how certain organizational defensive practices, such as website blocking, are implemented. But when speaking about these technologies (which I fondly call technobabble), I create real-world analogies for the audience. The technical topics that merit explanation are:

  • Intranets & The Internet
  • Packets, Headers, Ports & MACs
  • Routers & Bridges
  • Firewalls
  • Intrusion Detection Systems
  • Network Architecture
  • Host Hardening
  • Encryption

Knowing these words probably won’t win you any Scrabble® games. But they sure do come in handy when you’re determined to prevent some miscreant from making off with the credit card numbers of your top 100,000 customers.

I will go into details about each of these in future posts.