Posted Feb 28, 01:15 PM by ben
On occasion I find myself poking around the net in search of military doctrine or other military papers. People certainly quote Sun Tzu constantly, mainly since the quotes sound so clever. Of course these quotes come directly from “The Art of War”, which is why I like the military doctrine stuff. The items the military publishes aren’t trying to mystify or be clever but to turn the “Art” into “Science”.
I submit that achieving a science of information security, specifically event handling and response, is what the entire community should strive towards.
This involves training, experience, developing methodologies, confidence in oneself, leadership and hardcore skills. These things do not come quickly.
For a good time now I have reflected on Bloom’s cognitive domains taxonomy to rate the training and general skillset. (Can you tell my wife is a teacher?) I still need to internalize those verbs to be able to significantly push boundaries. By this, I submit that asking questions such as “What happened? What worked? What didn’t work?” during debriefs of events is not nearly as effective as asking “How would you classify the event? Do you agree with X? Further break down the implications of X,” etc.
But the other day John Robb posted an intriguing synopsis of current events. In that post he referenced the OODA loop, which I was completely unfamiliar with. I like how it breaks down the decision process and I believe that understanding this feedback loop can have an even higher impact as an incident handler.
Additionally, Chet Richards has an excellent PowerPoint on the OODA loop.

This work by http://electricfork.com is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
I lead an information security ops and response team. This site is a collection of interesting notes and brainstorms on the protecting from, detecting of, and responding to badness. You can read more about me or my site here.
I organize a small infosec meetup in Baltimore called charmsec. If you are looking for charmsec details you probably want to go here.