The purpose of this slide deck is to find a commonality among InfoSec, PMP and Chan. While the first two are quite modern and systematically oriented, the last has existed for thousands of years and is viewed as simplistic. After all, one just sits and finds inner peace. But Chan is a discipline that is also measurable, just like its modern counterparts, as this slide deck will show.
项目资安禅 - Project Management, Information Security & Chan, by Chuan Lin
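The goal of this presentation is to find the common ground among project management, information security and Chan. The first two are quite modern and systematic. Chan has existed for thousands of years and appears simplistic and unsystematic. But Chan is also quite systematic, and it is backed by science and research.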
Thirty-Six Stratagems of Social Engineering, Part I, by Chuan Lin
Why Thirty-Six Social Engineer Stratagems?
As organizations and nation-states strengthen the software and network aspects of their cyber defenses, attackers have to look for other ways to access data.
Cyber attacks, like all forms of warfare, are ever escalating. In 2003, phishing introduced the art of social engineering into the information security world. An email that informed users of their password expiration opened up a new battlefront.
For a more sophisticated and escalated data breach, a master plan is required, numerous stratagems are hatched to deal with various scenarios, and vast numbers of bots provide ample firepower.
An objective of this slide deck is to provide food for thought to InfoSec Pros (Information Security Professionals) so that they can recognize patterns and, hopefully, come up with means to deal with them.
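How the ancient Chinese classic, the Great Learning, remains relevant in the modern information security profession. This presentation shows, side by side, how what was true back in 400 BC also applies to the modern-day 21st century. It is also the first book on MaaS (Management as a Service).
The three guiding principles of the Great Learning are no different from the codes of (ISC)2 and SAN.
Knowledge of the ten security domains and of technical information is necessary for the information security profession. Personal ethical standards, however, are expected but given little guidance beyond following various laws and rulings such as HIPAA, SOX, GLBA, Safe Harbor and so on.
I believe the Great Learning is a useful guide to professional ethics in information security (InfoSec).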
Revisit the Three Kingdoms was a quarterly issue ezine on China's Three Kingdoms era. It was created as part of Romancing Cathay which was a group of people interested in playing and introducing games about Ancient China. There were many impressive and exciting tall tales, legends, myths, and historical events that we believed would fascinate players world-wide. Our goal was to introduce these captivating stories in various game formats. In addition, we felt that through playing games, people would become more curious in learning more about China.
Content
Sorry for the Delay
Cao Cao's Ambition, part 5b of 9
Zhang He, the Marquis of Strength
Zhou Yun, the Artful General
Adventure at Qian-tong
Web Reference
Catalog
Romance of the Three Kingdoms Manga Volume I Sneak Peek
Yellow Emperor Internal Canon on Information Security - part 1, by Chuan Lin
Yellow Emperor Internal Canon (YEIC) is part of a series on Chinese Wisdom as a Service (CWaaS). It is capable of dispensing wisdom to meet the reader's need if that person has the necessary awareness.
This presentation is an obsequious attempt to apply YEIC to Information Security.
Revisit the Three Kingdoms was a quarterly issue ezine on China's Three Kingdoms era. It was created as part of Romancing Cathay which was a group of people interested in playing and introducing games about Ancient China. There were many impressive and exciting tall tales, legends, myths, and historical events that we believed would fascinate players world-wide. Our goal was to introduce these captivating stories in various game formats. In addition, we felt that through playing games, people would become more curious in learning more about China.
Content
Looking Back, Looking Forward
Cao Cao's Ambition, part 5 of 9
Art of Propriety
Yu Jin, General of Tiger's Awe
Zhou Yun, the Artful General
Reference and Resources
There was a plan to do a Kickstarter for the Romance of the Three Kingdoms tabletop role-playing game. The preview ad is at
https://www.kickstarter.com/projects/sanguine/1817858762?token=79efaf43
The document discusses events in China around 197 AD during the late Han Dynasty. Liu Bei fled from his position in Xiaopei city, fearing an attack from Yuan Shu's general Ji Ling. Liu Bei sought protection from Cao Cao, who reinstated him. Meanwhile, Lu Bu allied with Yuan Shu but disagreed with attacking Liu Bei. Yuan Shu later declared himself emperor, causing Cao Cao and Lu Bu to turn against him. Chen Deng of Xu province helped Cao Cao and gained promotions, angering Lu Bu. Yuan Shu then attacked Xu province in response to Lu Bu's betrayal.
Warfare is an extension of a state exerting its influence.
A project is an extension of a company exerting its competitiveness.
While PMI provides standards, best practices, and guidelines, it views situations from within the box. In non-standard situations, practitioners are advised to follow Organization Process Assets (OPA), Enterprise Environmental Factors (EEF), and/or the advice of senior members.
Sunzi's Art of War can offer valuable insights from outside the box.
There are common issues faced by generals and project managers.
1) Time/Heaven – It is always a race against time, because any prolongation drains available resources.
2) Resources/Earth – While it is necessary to spend capital toward the completion of a project, no project is worth the cost if the end result would bankrupt a nation or company.
3) People – Whether internal stakeholders or external vendors, domestic opposition or foreign combatants, they are the wildcards in a controlled environment.
Revisiting the Three Kingdoms Quarterly is a PDF ezine dedicated to advocacy for, and increasing general awareness of, the Romance of the Three Kingdoms period.
Historical Articles:
Cao Cao's Ambition
Jiao, Shen, and Ling
Dong Zhuo, the Tyrant
Peach Garden Oath theme deck
FUDGE - Revisiting the Three Kingdoms in a nutshell
International Journal for Romance of the Three Kingdoms
Vol 1 Issue 2 - February 2002
Revisiting the Three Kingdoms Quarterly is a free PDF magazine dedicated to advocacy for, and increasing general awareness of, the Romance of the Three Kingdoms period.
Historical Articles
Life of Cao Cao - Part II: The Foundation (190 - 195 AD)
Late Han Dynasty Bureaucracy
Sun Jian, Scion of Sun-tze
My first attempt at creating an ezine focused on the Three Kingdoms period in China, back in the early 2000s.
Contents included
- Story of Cao Cao (Part 1 of 9)
- Army Structure During Three Kingdoms Period
- Lu Bu: East and West views
- Review of games with Three Kingdoms theme
This document discusses the similarities between the board game Go (also known as Weiqi) and information security (InfoSec). It describes how Go components like stones, the board, and lines of defense map to InfoSec concepts like technologies, company locations, and layers of security. Stones represent both offensive and defensive tools, and the board represents a company, with intersection points as areas where networks, hardware, software, and people converge. Different board sizes correlate to company sizes, and strategic points on the board are like critical assets to protect. The document advocates viewing InfoSec defenses holistically and in depth, rather than focusing on any single area.
Great Learning & Information Security - English edition, by Chuan Lin
How the ancient Chinese classic, the Great Learning, remains relevant in the modern information security profession. This presentation shows, side by side, how what was true back in 400 BC also applies to the modern-day 21st century. It is also the first book on MaaS (Management as a Service).
16. Enemy-Dealing Stratagems (敌战之计)
1. 无中生有: Create something from nothing
2. 明修栈道,暗渡陈仓: Openly repairing the road, sneaking through the back
3. 隔岸观火: Watch fires burn, across the river
4. 笑里藏刀: Hiding a knife behind a smile
5. 李代桃僵: Sacrifice a plum, preserve a peach
6. 顺手牵羊: Take an opportunity to pilfer a goat
22. Attacking Stratagems (攻战之计)
1. 打草惊蛇: Stomping grass, scaring snake
2. 借尸还魂: Borrow a corpse to resurrect a soul
3. 调虎离山: Entice the tiger to leave its mountain
4. 欲擒故纵: Capture through Release
5. 抛砖引玉: Trading a brick for a jade
6. 擒贼擒王: Defeat enemy through their chief
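23. 借尸还魂: Borrow a corpse to resurrect a soul
Explanation
What is useful cannot be borrowed; what cannot be used asks to be borrowed. Borrow what cannot be used and put it to use: it is not I who seek the ignorant youth, but the ignorant youth who seeks me.
Even if you have overwhelming offensive power, there is no need to display it or use it until it is absolutely necessary. Keeping it hidden instead raises the security professional's suspicion and uncertainty, because they do not know where you will attack. It is better to use something unrelated and borrowed to draw the security professional's attention while you expand your sphere of influence.
Historical background
In the Three Kingdoms period, Liu Bei fled to Yi Province to seek refuge with Liu Zhang. Zhang agreed. But his generals Yang Huai and Gao Pei worried that Liu Bei had come to seize Shu, and they decided to assassinate him. Unexpectedly, their plan was leaked.
Liu Bei invited them to his camp on the pretext of celebrating the alliance. During the celebration, Liu Bei told them privately that he wanted to share his secret military plans and how to deal with Cao Cao. When they came to Liu Bei's tent, Liu's soldiers seized them, searched them, and found hidden daggers.
After the assassins were beheaded, Liu Bei announced to the troops of Yang and Gao that he was worried about the safety of their master and asked them to return at once. Liu Bei's troops followed. At the city gate, the guards recognized the troops of Yang and Gao and opened the gate. Liu Bei's army rushed in and seized Liu Zhang's city.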
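24. 借尸还魂: Borrow a corpse to resurrect a soul
Information age
In technology, "borrow a corpse to resurrect a soul" can be associated with Trojan horse and zombie malware.
In social terms, "borrow a corpse to resurrect a soul" usually refers to identity theft.
Information-age example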
28. Chaos Stratagems (混战之计)
1. 釜底抽薪: Remove firewood from boiling pot
2. 混水摸鱼: Catch a fish through muddied water
3. 金蝉脱壳: Shedding cicada's golden shell
4. 关门捉贼: Shut the door to catch a thief
5. 远交近攻: Befriend a distant state while attacking a neighboring state
6. 假道伐虢: Obtain safe passage to conquer the State of Guo
34. Proximate Stratagems (并战计)
1. 偷梁換柱: Replace beams with rotten timbers
2. 指桑罵槐: Pointing mulberry tree while cursing locust tree
3. 假癡不癲: Feign madness in order to maintain sanity
4. 上屋抽梯: Remove ladder after an enemy ascended the roof
5. 樹上開花: Deck the tree with false blossoms
6. 反客為主: Switch from guest to host