Musings on Information Security
Building secure application

2008-10-02 06:35:44 by RaviC in Musings on Information Security
...security creates more workload for developers, which is a disincentive; moreover, developers are rewarded for building more functionality rather than for building more security. I have never seen a developer in my professional life being rewarded for building a secure application. Hackers are focused on how to break the application. They look for...

The asymmetry of data loss - data thief has an upper hand

2008-10-01 06:33:22 by RaviC in Musings on Information Security
 
...information security awareness of personnel who handle the data. Data loss is not a zero-sum game. The advantage is in favor of the data thief (data thieves, rather). The data owner does not give much thought to the value of data unless there is a data theft. But a data thief has every reason to think about the economics of data theft before he acts to...

Misc notes on IDS/IPS

2008-09-28 20:11:06 by RaviC in Musings on Information Security
 
...Security Blogging community, which was then catching up when I started this blog 2 years ago. To get a response to my musings from brilliant minds such as Mike Rothman, Alan Shimel, Chris Hoff and others gives me immense joy. Maybe this is good therapy for my undiagnosed attention deficit. It does not matter if Chris is right or I am right....

IDS/IPS - is it Vitamins?

2008-09-24 18:35:00 by RaviC in Musings on Information Security
 
...security engineer. Probably this job would interest a geekier person, and geeks tend to their own interesting research. There are companies that do without IDS, and they do just fine. I agree with Alan's assessment that IDS is like a checkbox in most cases. Business can run without IDS just fine, so why invest in such a technology? Firewalls and...

Cute names can't come to the rescue

2008-08-23 23:26:05 by RaviC in Musings on Information Security
 
...security project managers who were very good at creating a buzz around their projects. Projects were given fancy names. The funniest project name I have heard was "Baby Rhino". One day I got an email in my inbox with a subject line that said: "Baby Rhino Captured!" The email got my attention, but the project did not gain any extra respect...

Taming of the Information Security

2008-07-09 06:33:00 by RaviC in Musings on Information Security
 
...information security grows up to become an unmanageable, complex beast. In some cases this happens consciously, where information security goes out of control, but in other cases it happens unconsciously, where there is a slow but incremental increase in the complexity of information security that leads to chaos. The information security...

Security Function as a Business Enabler

2008-06-27 20:50:00 by RaviC in Musings on Information Security
...Information Security function (as part of IT) as an overhead of an overhead. It is of utmost importance for the security manager to run the security function in a way that enables the business. The various components (sub-functions) of the security organization should align with the business objectives of IT and the whole organization. There needs...

The Order of Diminishing Returns

2008-06-17 21:41:00 by RaviC in Musings on Information Security
...information assets, but I soon realized these firewalls were not configured right, and they were a set of fireholes rather than a set of firewalls. Moreover, the maintenance costs in this type of complex security framework can be humongous. Imagine poor me debugging the firewall rules across these 5 layers of firewalls. But one thing is for sure...

Application Due Care

2008-02-18 08:55:12 by RaviC in Musings on Information Security
 
...security layers". A truly secure application is a far-fetched statement.
1. What is the application made of? - Complexity
2. How was the application built? - Methodology
3. Where does the application run? - Environment
1. Complexity - Applications are developed using one or more of open source software, third-party libraries, re-used libraries...

Security is Invisible and Customers won't Pay for Security

2008-01-25 19:06:11 by RaviC in Musings on Information Security
 
...Security is invisible. Customers are willing to pay for visible software product functionality but not for a secure software product development methodology. Unfortunately, most of the security is in the backend; if security works well, truly, it should be "invisible", and the fact that it is hidden does not motivate customers to pay anything...