In November of 2005, Gideon established an information security distribution list.

Gideon's InfoSec List

I typically forward interesting security resources and news articles to information security contacts as a matter of professional courtesy. Over the years, the list of people grew, and it made sense to use a list to automate distribution. If you're interested in information security, it may be the list for you.

Here are methods to access the list: Twitter website, RSS feed or E-mail.

Archived Messages

Why Should We Pay China?
Risk IT Framework - ISACA
Top 5 Social Engineering Exploit Techniques
Enterprise Risk and Compliance Reporting
Security is Golden
Calabrese's Razor
Kinetic Fireballs, Obscurity and Aggregation
E-Commerce Payment Card Security
The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask
Global State of Information Security 2008
PCI DSS Revisions and Next Steps
Can We Be Compliant and Yet Insecure?
Beyond Minimum Compliance: PCI Risk Management
2008 Data Breach Investigations Report - Verizon
Failure Mode and Effects Analysis: Process and System Risk Assessment
Information Security Career
The Federal Bureau of Investigation - Capabilities and Service
Alternate Duty List
Disaster Recovery Audit
Security Acumen: Business First
Cyberwar: A Threat to Business
Unified Compliance Project (UCP)
CISSP and CISA Prep Advice
Terrorism E-Mail Alerts
Security Awareness Program
Security Breach Lists
Compliance Burden - Forest for the Trees?
The Emergency Email and Wireless Network
The VA Stolen Laptop - Lessons Learned
Insider Risk Management Guide
Use the Features of Network Switches
System Security Plan Tool
Fraud Examination - An INFOSEC Niche
Systematic Removal of Accesses: Pull the Key from the Lock
13 Ways to Get Your Developers on Board with Software Security
Questions to Gauge Security Awareness
The Insider Threat
Software Development: Building Security In
Application Security
Protect Internal Networks from Internet Exposure
Support for Strong Authentication
NIST Guidelines for Media Sanitization (Draft)
Microsoft Shared Computer Toolkit for XP
Retaining INFOSEC Professionals
Thoughts on eVaulting
Circumventing Group Policy as a Limited User
Inexpensive Cisco Network Log Analysis
Continuous Auditing Guide (ISSA)
Risk Management Template
Home-grown INFOSEC Professionals