Andy,

I'm UK based, but know nothing about Canadian side of things. What info are you looking for?

Rabray,

I'm curious, which part of UK?

Not wanting to sound negative, but if you're relying on a template to provide a strategy then you may be doing it wrong.

Might be better to ask the person/department asking for the information for an example of what they're expecting to see? Will ensure the information is relevant to your business and provide actual value, rather than just being another unused document that provides a tick in the box.

That seems like the defense lawyer is clutching at straws, I'll be interested to see how this plays out.

Unless I'm missing something (legalise isn't my specialty) Gmail is provided by some code (computer software) running on Google's systems (computer system), just because you (the user) can't physically touch the systems that the program is running on should change this.

Anyone got a different interpretation?

Multiple:
VM in each ESX lab
VM in player on 'Main' Windows machine
HDD install on netbook
Persistent USB for portability/emergencies.
LiveCD for 'trusted' incident response activities

All fairly heavily modified from 'Live' release to meet my needs and preferences.

From my experience VB will help a newbie programmer pull their hair out and be grateful when they graduate to a different language.

Being more serious; VB can provide a platform for learning coding basics, conditional and loop constructs etc. but I'd I'd highly recommend you take Chris' suggest of Python and start there. It's no harder to grasp the basics than VB and will provide you more lasting benefit going forward.

Hi Gnome,

guessing it depends on exactly what you mean/want by 'raw', but I'd suggest giving scapy a look.

Should hopefully do what you looking for, but at this time in the morning before coffee I'll admit I can't remember if I've run it over wireless before to confirm 100%.

Hope this helps.

Nice article Anton.

I'm pleased to see that the standard is maturing, hopefully in a direction that will (at a minimum) increase the baseline security for organisations that implement the requirement rather than just pay it lip service and pray.

Especially like the clarifications around both internal scanning and I[D/P]S usage, I think it should make it easier for both admins and security teams to justify some of their activities and requests to those less technical higher up.

Finally I'm glad that I'm not the only one that didn't think 2.0 was that large a convergence from it's predecessor, thought I must be missing something.

Thanks Don, and to you.

I don't spend a much time as I'd like to (my fault, nothing wrong with content, keeps getting better), but one of my resolutions is to correct that. If I start slipping again feel free to give me grief

Congrats, not a bad way to end the year

Umm, no.

Happy New Year

Congrats guys, gotta say I'm jealous

Nice addition to an already cool prize Jayson.

Now that is cracking prize, nice work as usual Don

Thanks CMonkeyDO