Tuesday, March 05, 2002

I've just added an entry on database security in Postcards from the Revolution to supplement Mike's recent security and tools entries. I also wanted to complement the enterprise architecture planning theme he started. My entry here connects to security and tools, starting with Handbook of Information Security Management, which is an online version of the print edition that's available from Amazon.

Another resource is Security Architectures for Large-Scale Distributed Collaboratory Environments. Combined, these two documents will provide QA practitioners with ample background information for developing test strategies that include security.

We live in a connected world, so understanding network security testing is a skill that QA professionals need to add to their knowledge base. I have a network design guide in MS Word format that will get you up to speed in network technologies if you need to understand more than the bare basics. An additional resource is The Art of Network Testing, which Mike reviewed on Amazon on 16 September 2001.

More specific security issues which all IT professionals should understand include internet vulnerabilities. Architects and QA should be aware of these exposures so that designs and test strategies can proactively address them at all stages of a system's life cycle. By reverse-engineering Modeling Internet Attacks you can see what needs to be designed into a system, as well as what needs to be tested before the system is deployed. You can use the same strategy by using the materials I provided earlier today in Postcards from the Revolution about database security.

Another area that needs attention in all phases of the system life cycle is Denial of Service Attacks. The PowerPoint presentation on DoS attacks is a good starting point. There is a new twist on this type of attack called Distributed Reflection Denial of Service reported and documented by Steve Gibson.

Idea Generator. I'm always looking for ways to succinctly convey information. While browsing DARPA's site earlier today I came across one of the best examples, which is shown on a project summary page. The project itself was of little interest, but the way it's summarized is nicely done. What I especially like is the Quad Chart format that captures the entire project in a single visual quadrant, with the other three quadrants for new ideas, impact and schedule. It's compact, conveys an incredible amount of information and is more effective, in my opinion, than ten or fifteen PowerPoint slides. I've archived three example quad charts for three different projects. Take a look and judge for yourself.

