[SecurityRatty] tag: critique

Impact Factory

Wed, 14 May 2008 07:00:00 +0000

I spent yesterday in the company of Jo Ellen Gryzyb and Doug Osbourne of Impact Factory on their excellent presentation skills course. The course was a revelation: rather than being a critique of any bad habits, the course focuses on existing strengths and provides a number of tools for making best use of them. I know that the next time I stand up in front of an audience I'll be able to talk with a lot more confidence and to far greater effect.

Good presentation skills are an important and valuable asset. Selling the benefits of an information security program or project can be challenging so it's good to be armed with a good set of techniques for getting across the right messages regardless of audience or the amount of time available.

BT Encourages Businesses to Open Up Wi-Fi for OpenZone Expansion

Tue, 22 Apr 2008 09:51:44 +0000

BT will upgrade its business customers broadband modem firmware to allow public hotspot service: This is a very, very interesting move on the part of the UK's giant telecom provider. The company will upgrade the firmware for its BT Business Total Broadband customers, which number 170,000. By flipping a switch, the business's modem will create an outpost of BT OpenZone, using a separate SSID, and a "secure Internet channel," as the press release describes it, which means a VLAN or similarly segregated connection that prevents access to the business's internal network.

The notion is that visitors can gain Internet access by using an existing OpenZone subscription, paying a fee (the business can sell vouchers), or being a member of a roaming network. The business customers receive 50 to 500 minutes of use on OpenZone each month themselves, based on their BT contract for broadband.

This business hotspot option extends a previous relationship for residential users with Fon that allows BT home users to flip a switch and become a Fonero.

These kinds of organic extensions of networks have very little impact on the party that's sharing their broadband, because there's almost no work involved. But if enough people opt in, it can have a large impact on the amount of hotspot service that's available. While I have critique Fon for its backside-utility quotient--how readily one can get work done or even make a phone call at many Foneros' locations--the BT business plan assures that hotspots will be in places where people work and gather.

A Critique of the ANSI Standard on Role-Based Access Control

Mon, 07 Jan 2008 06:15:52 +0000

Vendors have widely adopted RBAC to manage user access to computer resources in various products, including database management systems. However, as this analysis shows, the standard is hindered by limitations, errors, and design flaws.

RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role-Based Access Control"

Mon, 07 Jan 2008 06:15:52 +0000

As the authors of the original proposal for the role-based access control (RBAC) standard and developers of the models from which it derives, the authors respond here to Ninghui Li, Ji-Won Byun, and Elisa Bertino's critique, which also appears in this issue. This is an opportune time in the revision cycle to introduce proposals for changes to the standard.