SEARCH RESULTS
 
Showing 1-10 of 41 records
 
SDL and "End to End Trust"

2008-04-17 00:15:00 by sdl in The Security Development Lifecycle
 
...broader discussion on trust. Allow me to draw some analogies with some of my prior work. In the late 1990s, I was not yet working on computer security but on computer speech recognition and speech synthesis for Microsoft. Having an engineering background, I was (and still am) very interested in the opportunities and possibilities enabled by...
 
 
 
 
 
Q&A with Doug McClure: Is BSM Lite the Answer?

2008-07-15 00:02:59 by Julia Lim in ScienceLogic
...broader portfolio ScienceLogic: Does BSM Lite just refer to the tools, or can it refer to the process and methodology as well? Doug McClure: I think that BSM is as much a philosophy as it is technology, process, people and methodology. If we can get people to think, operate and respond differently than they do today with a focus on the...
 
 
 
 
 
Cyber espionage something to worry about?

2007-12-14 15:48:00 by Khalid Kark in Security & Risk Management
 
...broader international operation to glean military secrets from Western nations. New Zealand Prime Minister, Helen Clark, confirmed that foreign intelligence agencies had tried to hack into government computer networks, but had not compromised top-secret data banks. The Chinese government has denied any involvement 3. In its annual report to...
 
 
 
 
 
Top Five Intriguing Ideas for Authentication in 2008

2007-12-10 00:00:00 by Sean Kline in Speaking of Security, the RSA Blog and Podcast
 
...broader strategy Organizations still make decisions on how to authenticate requests (often users) based on individual applications, infrastructure deployments or regulatory requirements. This is one of the contributors to a "quilt of security doilies", to paraphrase the CTO of a top bank who I met recently. Point security solutions have...
 
 
 
 
 
Summer School on Trusted Infrastructure

2007-08-07 00:00:00 by Burt Kaliski in Speaking of Security, the RSA Blog and Podcast
 
...broader research opportunity RSA now has as part of EMC (as I described in my podcast on my new role) is this month's 1st Asia-Pacific Summer School on Trusted Infrastructure Technologies, which will be held in Guangdong, China. Dr. Wenbo Mao, who recently joined EMC to lead our new research center in Beijing, and his team have put together...
 
 
 
 
 
Keeping up with global regulations

2007-12-28 14:03:48 by Chris McClean in Security & Risk Management
 
...broader national interests The interesting issue here is not the level of enforcement, but the inability of companies to keep track of legislation applying to them. This article quotes a KPMG spokesperson referring to a study that found that nearly half of respondents didn't know that the FCPA applied to their operations, specifically...
 
 
 
 
 
Review of My 2007 Security Predictions: Too Wimpy

2007-12-23 15:46:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...broader intellectual property (IP) theft and loss will continue largely unabated. Will we, the security community, try to stop it? Of course, but nowhere near hard enough Status Check VII : This has definitely gotten worse, as predicted. TJX? VA? UK events? Many others? And yes, it was hilariously obvious to say this PVIII. Compliance: but of...
 
 
 
 
 
Common Criteria and answering the question 'Is it Safe'

2007-12-20 16:57:00 by sdl in The Security Development Lifecycle
 
...broader commercial acceptance, and so I thought I'd share some of those thoughts here. Currently, Common Criteria fails to meet customer needs as a useful indicator of the likelihood of security vulnerabilities in software At a very fundamental level, when someone in either the private sector or from a government agency considers purchasing...
 
 
 
 
 
Reliability Vs. Security

2007-12-07 16:46:00 by sdl in The Security Development Lifecycle
 
...broader topic: is security more difficult to achieve than reliability? Afterwards, a gaggle of professors from five continents and practitioners from Saab, Ericsson, Microsoft, Cisco, IBM and Google debated the matter from the halls of the conference to the pubs in the Trollhattan city center. Here are two points discussed at length during the...
 
 
 
 
 
The Trouble with Threat Modeling

2007-09-26 19:11:00 by sdl in The Security Development Lifecycle
 
...broader set of people during development Validation Once a team had started threat modeling, they had trouble knowing if they were doing a good job. Had they done enough? Was their threat model a good representation of the work they had done, or were planning to do? When we asked people to draw diagrams, we didn't tell them when they could...