Relationship between a policy, standard, guideline, and procedure
May 16, 2009 by Marcos Christodonte II
After a recent conversation explaining the relationship between a standard and a guideline, I thought I’d post this diagram, which clearly shows that relationship, as well as how both relate to policies and procedures.

Source: CISA Certified Information Systems Auditor Study Guide
Cold boot attacks on disk encryption
May 16, 2009 by Marcos Christodonte II
In the “featured videos” section of my blog, you’ll notice a new video discussing cold boot attacks. The premise behind cold boot attacks is that they can be used to extract data from systems even if the system uses disk encryption. Specifically, when an attacker has physical access to a system, they can take advantage of the fact that a screen-locked or “sleeping” system keeps its crypto keys in RAM, and that RAM retains its contents for a short time after the power is cut. After pulling the plug, an attacker can use the short window in which the data remains in RAM, or simply cool the RAM with a can of air to extend that window.
Check out the video; it’s pretty insightful!
//Update//
I’ve provided the video below…