<![CDATA[[SecurityRatty] tag: taosecurity]]> http://securityratty.com/tag/taosecurity Thu, 20 Dec 2007 21:00:00 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[Links for 2008-07-15 [del.icio.us]]]> http://securityratty.com/article/6d10d0e3306711df8bca069e3f891fa8 http://securityratty.com/article/6d10d0e3306711df8bca069e3f891fa8
  • SAP Library - Administration Manual - Logging
  • TaoSecurity: The Best Single Day Class Ever
    I had the great fortune to attend Edward Tufte's one day class Presenting Data and Information. I only knew Tufte from advertisements in the Economist. For example, the image at left was frequently used as an ad in the print magazine.
  • Dorian Software BLOG: Event Analyst ® 7 Can Slice and Dice Your Security Event Logs ... Any Way Your Auditors Want Them Served
  • The Future Of Application And Database Security: Part 1, Setting The Stage | securosis.com
    • ]]>     Tue, 15 Jul 2008 20:00:00 +0000 single day class day class attend edward tufte tufte dorian software blog security event logs administration manual database security sap library Links for 2008-07-15 [del.icio.us]     <![CDATA[Links for 2008-04-18 [del.icio.us]]]> http://securityratty.com/article/242c12da6cfce2231ee9509a4baea938 http://securityratty.com/article/242c12da6cfce2231ee9509a4baea938
  • Financial Cryptography: 2 views on the RSA security conference: a war of signals?
    "I agree with the notion that we are facing crunch time for the sector (and have been predicting it for longer than I care to remember). It is certainly an exercise for the armchair economists to predict where it goes from here. But, let there be no doubt
  • 1 Raindrop: RSA Debrief 1.1
    In a nutshell: here is the problem with enterprise security products - they charge enterprise prices, but they do not deliver enterprise quality.
  • Inconvenient Lack of Truth - Desktop Security - Dark Reading
  • Addressing Application Vulnerabilities With PCI DSS Log Management Compliance - Realtime IT Compliance
  • TaoSecurity: Ten Themes from Recent Conferences
    • ]]>     Fri, 18 Apr 2008 20:00:00 +0000 charge enterprise prices deliver enterprise quality rsa security conference enterprise security products rsa debrief armchair economists crunch time financial cryptography application vulnerabilities Links for 2008-04-18 [del.icio.us]     <![CDATA[Links for 2008-02-25 [del.icio.us]]]> http://securityratty.com/article/75fa782b9dd4787b807e14ade0da9292 http://securityratty.com/article/75fa782b9dd4787b807e14ade0da9292
  • Security and Risk Management Strategies Blog: Prospects Brightening for a Common Event Standard
  • You want a platform? We got your platform right here, buddy. - Splunk Dev
  • Category:OWASP XML Security Gateway Evaluation Criteria Project Latest - OWASP
    Section 3 - Audit Logging 3.1 Describe the audit logging input and output options 3.2 Describe log analysis tools 3.3 Describe security event notification options 3.4 Where and how is logging integrated into XSG? 3.4.1 How are the logs secu
  • Musings on Information Security :: Application Due Care
    Often I hear phrases such as "if the application is truly built secure inside-out, then there is no need for other security layers". Truly secure application is a far fetched statement. 1. What is the application made of? - Complexity. 2. How was the
  • Log Management Explained; Aberdeen Featured Report; Web Malicious Code; SecureFacts: Log Management and Log Retention - Research - Managed, Monitored, On-Demand Security Services Provider
    Log Management consists of two core processes: Log Monitoring and Log Retention. The following graphic illustrates the major steps in each process:
  • practical risk management: Gartner IT GRC Predictions
  • practical risk management: 2008 - The Year of IT Risk Management?
  • Spire Security Viewpoint: Another Envelope: Vulnerability Growth Rates
    Calculations: * [C1] Number of new lines of code created every day -- 2m * 25 = 50 million [A1]*[A2] * [C2] Number of new vulnerabilities created every day -- 50m / 10k = 5,000 [C1]/[A3] * [C3] % of new vulnerabilities eventually found --
  • Enterprise Systems | IT and Compliance: 5 Big Predictions for 2008
  • TaoSecurity: First They Came for Bandwidth...
    Overall I see a progression like the following. (I thought I posted this before but I cannot find it!) * First they came for bandwidth... These are attacks on availability, executed via denial of service attacks starting in the mid 1990's and mon
  • Seek or Show: Two Design Paradigms for Lots of Data « Theresaneil’s Weblog
    • ]]>     Mon, 25 Feb 2008 21:00:00 +0000 log management log security spire security viewpoint risk management practical risk management application due care application security layers Links for 2008-02-25 [del.icio.us]     <![CDATA[Links for 2008-01-22 [del.icio.us]]]> http://securityratty.com/article/6435d313b2851e2653165f9426050242 http://securityratty.com/article/6435d313b2851e2653165f9426050242
  • TaoSecurity: Is This For Real?
  • 7 myths about security metrics
  • CMS to check hospitals for HIPAA security compliance
  • One year later: Five takeaways from the TJX breach
  • Riskbloggers - Security Wisdom ahead of the curve
  • Q1 Labs Signs OEM Agreement with Juniper Networks
  • ArcSight plans to raise about $52M in IPO - Silicon Valley / San Jose Business Journal:
    In an amended filing with the Securities and Exchange Commission, when, Cupertino-based ArcSight said it plans to sell 6 million shares, while stockholders will sell an additional 861,919 shares. Based on the expected price range, the company would have a
    • ]]>     Tue, 22 Jan 2008 21:00:00 +0000 arcsight plans arcsight shares hipaa security compliance plans million shares security wisdom ahead juniper networks security metrics Links for 2008-01-22 [del.icio.us]     <![CDATA[Links for 2008-01-16 [del.icio.us]]]> http://securityratty.com/article/1c7e63813e6712aa086dd2eb46d9a30d http://securityratty.com/article/1c7e63813e6712aa086dd2eb46d9a30d
  • Be A Man: Fake it until you make it
  • Do you think you’re a strategist? You’re probably wrong. » Brazen Careerist by Penelope Trunk
  • Event Correlation on a Budget (spoofed.org)
  • Financial Cryptography: 2007: year in review...
  • Bayes and risk
  • Rational Survivability: Security and Disruptive Innovation Part I: The Setup
  • Storm, Nugache lead dangerous new botnet barrage
    This is the future of malware and it's not a pretty picture. What it is, is a nightmare: a new breed of malicious software developed, tested and sold by professionals and engineered to change on the fly, adapt to its environment and evade traditional defe
  • Top ten information security risks fo...
  • Wall of Shame: TIME CRIME
  • Rational Survivability: Security and Disruptive Innovation Part II: Examples of Disruptive Innovation/Technology in the Security Space
  • Rational Survivability: Security and Disruptive Innovation Part III: Examples of Disruptive Innovation/Technology in the Security Space
    SaaS is a really interesting disruptive element to the traditional approach of deploying applications and services; so much so that in many cases, the business has the potential to realize an opportunity to sidestep IT and Security altogether by being abl
  • Rational Survivability: Security and Disruptive Innovation Part IV: Embracing Disruptive Innovation by Mapping to a Strategic Innovation Framework
    What we really seek to do is balance information sharing with the need to manage risk to an acceptable level. So when folks ask if the future will be more "secure," I love to refer them to Marcus Ranum's quote in the slide above: "...it will be just as i
  • TaoSecurity: Defensible Network Architecture 2.0
  • 5 VoIP threat predictions for 2008
  • Top 5 VoIP vulnerabilities in 2007
  • Review: Appliances boost log management - 16 Jan 2008 - IT Week
  • 0x000000 - THE HACKER WEBZINE
    • ]]>     Wed, 16 Jan 2008 21:00:00 +0000 security space saas security space security disruptive innovation information security risks disruptive rational survivability security altogether disruptive element Links for 2008-01-16 [del.icio.us]     <![CDATA[Links for 2007-12-21 [del.icio.us]]]> http://securityratty.com/article/1683cdddef55959e085f6a34a2cd7f71 http://securityratty.com/article/1683cdddef55959e085f6a34a2cd7f71
  • Questions to Ask Vendors of Log-File Security Monitoring
  • TaoSecurity: Predictions for 2008
    • ]]>     Fri, 21 Dec 2007 21:00:00 +0000 log-file security predictions vendors taosecurity questions Links for 2007-12-21 [del.icio.us]     <![CDATA[Links for 2007-12-20 [del.icio.us]]]> http://securityratty.com/article/8ca6c2ba0dcf726e56935a95211e39b5 http://securityratty.com/article/8ca6c2ba0dcf726e56935a95211e39b5
  • TaoSecurity: Controls Are Not the Solution to Our Problem
    Controls are not the solution to our problem. Controls are the problem. They divert too much time, resources, and attention from endeavors which do make a difference. If the indications I am receiving from readers and friends are true, the ideas in this p
  • ha.ckers.org web application security lab - Archive » Why PCI Is Good For Business
    Perhaps in practice we’ll find that the end result is that we’ll stop seeing small hacks and start seeing a lot more huge ones to make up the difference in any improvement in security since we all know we can’t be 100% perfect in security. It’s an
  • Bruce Schneier Blazes Through Your Questions - Freakonomics - Opinion - New York Times Blog
  • Intel Open Port: Measuring the Return on IT Security Investments
  • Intel Open Port: IT@Intel Blog: Whitepaper - Measuring the Return on IT Security Investments
  • Security Thoughts: Just let me do my job!
  • High Tower Blogs &gt; Security Insights » Blog Archive » Doing Away with CIA
    Another omission from the classic CIA model is privacy. Privacy might superficially seem like a sub-topic under confidentiality, but privacy goes way beyond confidentiality. True, users’ data must be protected, and data protection is part of privacy,
  • High Tower Blogs &gt; Security Insights » Blog Archive » The “Fortress Mentality”
  • Intel Open Port: IT@Intel Blog: The Four Dirty Questions of Measuring Information Security
  • Rational Survivability: The Seesaw CISO...Changing Places But Similar Faces...
    've talked about the fact that "security" should be a business function and not a technical one and quite frankly what Dennis is hearing has been a trend on the uptick for the last 3-4 years as "information security" becomes less relevant and managing ris
  • Data And Application Security Will Drive Most Security Growth For The Next 3-5 Years | securosis.com
    Data And Application Security Will Drive Most Security Growth For The Next 3-5 Years
  • Definitions: Content Monitoring and Protection And Application and Database Monitoring and Protection | securosis.com
    Products that monitor all activity in a business application and database, identify and audit users and content, and, based on central policies, protect data based on content, context, and/or activity.
    • ]]>     Thu, 20 Dec 2007 21:00:00 +0000 security security investments application security information security application users data data data protection security growth Links for 2007-12-20 [del.icio.us]