I wrote last year, and in various other posts, about proving your cyber state. In that post, I mentioned safety, but I really meant security. Are you secure? Prove it. Richard Bejtlich echoes (or restates, since I’m not sure where I first heard this idea) that this is a key tenet of where we should be with our own cyber security. In fact, I will go so far as to say this question is as important as cogito ergo sum is to philosophy (it’s the basis of it, a foundational statement). It is more than a marketing ploy or illustrative approach; it is a basis for our entire industry and philosophy on security, business, and IT.
Please read Richard’s post. In recent months he has been throwing various ideas around, and you can almost see the screws turning, popping this extremely formative and important post out. He builds up to what he defines as security, or rather, acceptable security.