SEARCH RESULTS
 
Showing 1-10 of 176 records
 
What Are You Managing Towards? (And On Disproving Risk Management)

2008-06-03 14:41:11 by Alex in RiskAnalys.is
...ability to effect the probable frequency and magnitude of loss on an aggregate level, not just within the context of a discrete technical or policy issue. That last point is important. And it's related to my post today. WHAT DO YOU MANAGE TOWARDS This blog is blessed to have some very smart people be part of it. There are security managers from...

Should We Treat Contractors The Same as Employees?

2008-03-26 13:47:43 by Alex in RiskAnalys.is
 
...ability to resist the force the threat agent applies (in FAIR, Vulnerability). So what we're really talking about is what strategies we can apply to reduce the Frequency of Loss Events for our populations (W2, 1099). Now for any threat community, we can do one of three things: 1.) Reduce the Frequency of Contact. This is really either blocking,...

Article: Analytics Brief: Securing The New Data Center

2008-01-07 05:28:32 by Editor in Security Links
...ability to sign software makes it easier to determine that a system image has been altered and that it should be assumed to be compromised. Since the TPM is designed to be a tamper-proof hardware approach to encryption and software signing, it should help substantially in validating that software of all stripes hasn't been corrupted by malware...

Getting into the Flow With Threat Modeling

2007-10-11 23:25:00 by sdl in The Security Development Lifecycle
...ability and challenge Focused attention Let's take these one at a time. Clear Goals Giving people clear goals is important because it helps take them from worrying about what your goals mean to worrying about how to achieve them. Without clear goals, it's very challenging to get into the spirit of anything, whether playing a game or shipping an...

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...ability to monitor for CPU and memory spikes as well as enabling full page heap settings on all processes launched from the mini-debugger. As a general rule, all exceptions must be triaged (reviewed) by the tester to determine if a bug needs to be filed. When fuzzing over a period of time, however, we might generate hundreds of exceptions and...

StillSecure's first branded NAC appliance

2008-02-05 19:37:26 by HASH0x8ba8070 in StillSecure, After All These Years
...ability. Vista testing is another. Post-connect integration with StillSecure Strata Guard as well as the ability to integrate with other IDS is another important feature. One of the most important is what we are calling Deep Checks. This gives us the ability to audit at a much deeper level for policy compliance. I will probably do a full...

Do not dismiss the dangers of being stalked

2008-02-25 16:48:00 by John Sexton in The Bullet Proof Blog
 
...ability to enjoy life. I often advise clients to have the stalker's handwriting examined and evaluated by a hand writing expert. On another case, the stalker had sent one of my clients several letters that had been computer generated but he had handwritten her address on the envelopes. I took the envelopes to a highly regarded hand writing...

The C-I-A Triad weighed and found wanting

2007-04-12 04:54:18 by Perry Carpenter in Security Renaissance
...ability) are being challenged and supplanted by a more inclusive model known as the Parkerian Hexad [1]. The Parkerian Hexad augments the traditional C-I-A triad by adding three elements. The result is a set of security principles comprised of six elements. The six principles of the Parkerian Hexad are: Confidentiality, Integrity, Availability...

What type of security do I need in my Virtual Network?

2008-02-24 14:18:29 by John Peterson in Security In The Virtual World
...ability. In the previous picture, products were deployed in series and there was no VM to VM Patch Management, or VM to VM Intrusion Prevention or VM to VM Network Access Control. What you were able to get was VM to Physical Patch Management, Intrusion Prevention, etc. With a product such as a Virtual Security Switch you get VM to VM everything...