Interested in how security works in the corporate/etc world?
Legendary German crypto-security researcher Karsten Nohl’s SRLabs has a good intro to thinking about security in an organizational setting. (Published in the wake of them cracking the Mifare Classic and other access-control systems.) It covers the whole process from identifying vulnerabilities to solving problems while rolling out fixes.
Granted, in the wake of the ‘Insecure Email’ link’s statistic — that if the world saw what they wrote in email, senior management at 60% of organizations think they’d lose the trust of their employees and customers — I’m unsure if it’s ethical to help improve their security.
But hey. Thinking about security for the big beasts helps when you start thinking about security for the little guy too.
(too long to quote)