('binary' encoding is not supported, stored as-is) In-Reply-To: <73839EE85D27D4118703000629383540041CFF16at_private> Darian, Hopefully, I can share a few experiences on my own in writing skills and how it involves. I try to be as "bi-lingual" as I can, i.e. being able to speak techie and being able to speak the analytical/decision maker actionable items. It is a tricky and winding path, but personally very interesting and rewarding. As such, I have emphasized analyzing on the very technical aspects of an issue and the "big picture" or very consise threat/actionable item needs. There are numerous areas within INFOSEC that require a clear and concise explanation of threats and the ability to communicate these effectively to a broad audience. For example, national-level threat documents require detailed analysis and the audience can vary from a single individual to senior decision makers. Each audience has their own interests and needs, and the document must communicate effectively to all by guiding the reader to a clear, actionable conclusion. Usually, this has to be all within one document! As such, some of the areas I would recommend that you get involved with in either creating or at least assiting with would be: - Analytical threat documents - Security advisories - Risk assessments - Senior executive/decision maker briefings - User advisories - Standards and Guidelines - "Technical/analytical observations" The last part takes some explaining. In the great teams I've been involved with, there's an "informal" reporting system that we use. For example, everyone typically forwards a news story to a colleague, friend, etc. These simple opportunities can be a great way to share your personal unique knowledge on an item by offering up some advice or observations on the impact of the change, an evolving trend, or simply a recommendation on an action. I'm not sure which area your organization focuses on, but hopefully one of these areas will be available for you to gain experience in. In addition, many times, a threat will require an immediate briefing or analytical product to This not only applies to government, but to industry, education, any service involved in systems in general. The pervasiveness of computers and the speed at which systems can be affected require clear, immediate attention to the threats. As an engineer, you may be tasked to provide the technical portion of the threat that may need to be distributed to the entire organization. Any or all of these areas would be excellent to hone your developing writing skills. Each of these areas is a unique challenge to communicate the problems we all face getting our message across to decision makers. For each of these areas, there are numerous examples I can recommend offhand taking a look at (some of which I've been involved with): - NIPC Advisories: http://www.nipc.gov/publications/highlights/highlights.h tm - CIAO (several threat documents): http://www.ciao.gov/ - NIST Security Guidelines (NIST is tasked with creating security guidelines and standards): http://csrc.nist.gov/publications/drafts.html - NIPC CyberNotes: http://www.nipc.gov/cybernotes/cybernotes.htm - CERT (the obvious advisories): http://www.cert.org/ - Any of the many security mailing lists - This site! Reading and studying the writing styles in each of these publications is a great way to learn the writing skills necessary for INFOSEC publications. .At any rate, hope this helps somewhat in where to find information INFOSEC examples of "strong writing skills"! Good luck! Regards, Andrew Boncek UNISYS Senior INFOSEC Engineer
This archive was generated by hypermail 2b30 : Tue Mar 12 2002 - 14:22:56 PST