25 October 2012

Matriux Security Distro

Matriux is a fully featured security distribution consisting of a collection of powerful, free and open source tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can also be used as your default desktop system. With Matriux, any system can be turned into a powerful penetration testing toolkit without installing any software on the hard disk. Matriux is designed to run from a Live environment such as a CD / DVD or USB stick, or it can easily be installed on a hard disk in a few steps. Matriux also includes a set of computer forensics and data recovery tools that can be used for forensic analysis, investigations and data retrieval.

22 October 2012

Selected Sun Tzu Quotes for Security Managers

Selected quotes from the book "The Art of War for Security Managers: 10 Steps to Enhancing Organizational Effectiveness"
  • For to win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill.
  • The Way means inducing the people to have the same aim as the leadership, so that they will share death and share life, without fear of danger.
  • Warfare is the greatest affair of the state, the basis of life and death, the Way (Tao) to survival or extinction. It must be thoroughly pondered and analyzed.
  • If you know others and know yourself, you will not be imperiled in a hundred battles.
  • The one who figures on victory at headquarters before even doing battle is the one with the most strategic factors on his side. The one who figures on inability to prevail at headquarters before doing battle is the one who has the least strategic factors on his side. The one with many strategic factors in his favor wins, the one with few strategic factors in his favor loses—how much more so for the one with no strategic factors in his favor. Observing this matter in this way, I can see who will win and who will lose.
  • So the important thing in a military operation is victory, not persistence.
  • The superior militarist strikes while schemes are being laid. The next best is to attack alliances. The next best is to attack the army. The lowest is to attack a city. Siege a city only as a last resort.
  • The terrain is to be assessed in terms of distance, difficulty or ease of travel, dimension, and safety.
  • The unorthodox and the orthodox give rise to each other, like a beginning-less circle—who could exhaust them?
  • A military operation involves deception. Even though you are competent, appear to be incompetent. Though effective, appear to be ineffective.
  • Foreknowledge cannot be gotten from ghosts and spirits, cannot be had by analogy, cannot be found out by calculation. It must be obtained from people, people who know the conditions of the enemy.
  • A victorious army first wins and then seeks battle. A defeated army first battles and then seeks victory.

21 October 2012

The Art of War for Security Managers: 10 Steps to Enhancing Organizational Effectiveness

The classic book The Art of War (or as it is sometimes translated, The Art of Strategy) by Sun Tzu is often used to illustrate principles that can apply to the management of business environments. The Art of War for Security Managers is the first book to apply the time-honored principles of Sun Tzu's theories of conflict to contemporary organizational security. Corporate leaders have a responsibility to make rational choices that maximize return on investment. The author posits that while conflict is inevitable, it need not be costly. The result is an efficient framework for understanding and dealing with conflict while minimizing costly protracted battles, focusing specifically on the crucial tasks a security manager must carry out in a 21st century organization.
  • Includes an appendix with job aids the security manager can use in day-to-day workplace situations
  • Provides readers with a framework for adapting Sun Tzu's theories of conflict within their own organizations
  • From an author who routinely packs the room at his conference presentations

12 October 2012

Risk Management ISO/IEC 31000 Standard

The ISO standard for the effective management of risk, ISO/IEC 31000, provides principles, a framework and a process for managing any form of risk in a transparent, systematic and credible manner within any scope or context. The standard recommends that organizations develop, implement and continuously improve a risk management framework as an integral component of their management system. The purpose of ISO/IEC 31000 is to help organizations:
  • Increase the likelihood of achieving objectives
  • Encourage proactive management
  • Be aware of the need to identify and treat risk throughout the organization
  • Improve the identification of opportunities and threats
  • Comply with relevant legal and regulatory requirements and international norms
  • Improve financial reporting
  • Improve governance
  • Improve stakeholder confidence and trust
  • Establish a reliable basis for decision making and planning
  • Improve controls
  • Effectively allocate and use resources for risk treatment
  • Improve operational effectiveness and efficiency
  • Enhance health and safety performance, as well as environmental protection
  • Improve loss prevention and incident management
  • Minimize losses
  • Improve organizational learning
  • Improve organizational resilience
ISO 31000 can be applied to any public, private or community enterprise, association, group or individual.

07 October 2012

Hiring and Career Guides to the Information Security Profession

(ISC)² has published the “Hiring Guide to the Information Security Profession”, a free reference guide for Human Resources (HR) professionals, hiring managers and recruiters that provides tips on how to best find, recruit, hire and retain qualified information security staff. Written with input from leading Human Resources and recruiting professionals and subject-matter experts, the Hiring Guide highlights the history and growth of the information security profession, typical job functions and career paths, and ideal candidate traits. In addition, the Career Guide to the Information Security Profession is published as a free reference guide for information security professionals, providing tips on how to best find and fill noteworthy information security vacancies.


© 2012 Greek Information Security Professionals