SEARCH RESULTS
 
Showing 1-10 of 29 records
 
Expand article

The STRIDE per Element Chart

2007-10-29 23:06:46 by sdl in The Security Development Lifecycle
 
...chart in the sixth post of my threat modeling series. Id like to talk about where its from, some of the issues that come with that heritage, and how you might customize it in your own threat modeling process Michael Howard and Shawn Hernan did an analysis of our bulletins and some CERT and CVE data. Their goal was to validate work they'd done...
 
Tags: element chart, chart, stride, specific, specific threats, cve data, data, stride chart, threats
 
 
 
 
Expand article

STRIDE chart

2007-09-11 23:18:00 by sdl in The Security Development Lifecycle
 
...chart that we use. It's part of how we teach people to go from a diagram to a set of threats. We used to ask them to brainstorm, and have discovered that that works a lot better with some structure Property Threat Definition Example Authentication S poofing Impersonating something or someone else Pretending to be any of billg,...
 
Tags: threat, stride, windows, windows source code, web site, stride mitigations, code, user, remote internet user
 
 
 
 
Expand article

Benefit of Security and Privacy Collaboration

The Article has images
2007-10-25 22:39:00 by jrjones in Jeff Jones Security Blog
...chart leapt out at me and I wanted to share it and get further thoughts from you I don't have Ben's pretty charts, but I was able to dig around and find a chart with some of the information that Ben displayed (from Microsoft Security and Privacy Research page, if you want to see the full results and other research The summary of the chart is...
 
Tags: security, collaboration, privacy research page, chart, research, chart leapt, microsoft security, rsa europe, poor collaboration
 
 
 
 
Expand article

Getting into the Flow With Threat Modeling

The Article has images
2007-10-11 23:25:00 by sdl in The Security Development Lifecycle
...chart, which Ive redrawn from Csikszentmihalyis book, Flow The ideal learning experiences involve a balance of challenge and reward, each of which grows as you learn. For example, when you buy Halo, theres a training mission that allows you to run around doing simple tasks, learning the controls. If we dropped people into the live online game...
 
Tags: threat, people develop skills, people, challenge people, flow, sdl threat, entire threat model, threat model, guide people
 
 
 
 
Expand article

The First Step on the Road to More Secure Software is admitting you have a Problem

2008-02-21 14:26:00 by sdl in The Security Development Lifecycle
 
...chart really hits home the fact that statistics can be used to prove any side of any argument Of course he says Windows is the best, that's what he's paid to do Counting vulnerabilities is a natural way to measure security. If you're a retard The other big reason linux is more secure is many black hats LOVE open source principles Can someone...
 
Tags: vulnerabilities, reduce security vulnerabilities, fewer security vulnerabilities, security vulnerabilities, source security bugs, bugs, major microsoft products, microsoft products, security
 
 
 
 
Expand article

The psychology of risk perception

The Article has images
2007-02-24 10:04:37 by Perry Carpenter in Security Renaissance
...chart, from his article, speaks volumes Conventional Wisdom About People and Risk Perception This chart just scratches the surface of the overall content in his article. I encourage you to check it out We see examples of this in our lives and in the media everyday. One of the things that we have to guard against, as security professionals,...
 
Tags: risk perception, risk, bruce, article, bruce schneier kick, examine risk, ultimately gain trust, peoples irrational fears, speaks volumes
 
 
 
 
Expand article

Communicating about risk - part 1

The Article has images
2008-05-05 18:12:14 by JonesJ in RiskAnalys.is
...charts below (Ive included both a qualitative and a quantitative version At first glance, a decision maker might think This doesnt look so bad. I can live with this level of risk . But thats not necessarily the whole story Unstable conditions An unstable risk condition exists when the following characteristics co-exist Threat event frequency...
 
Tags: risk, effective, cost-effective risk management, fragile condition exists, condition, unstable condition, risk qualifiers, risk condition, risk chart perspective
 
 
 
 
Expand article

Communicating about risk - part 2

The Article has images
2008-05-20 16:22:24 by JonesJ in RiskAnalys.is
...charts similar to the one below used to communicate risk. On one axis we have Impact, and on the other we have Likelihood. Well save a discussion regarding Impact for another post, but in this post Id like to point out a couple of subtle but important limitations with the term likelihood Likelihood connotes the probability of an event...
 
Tags: risk, managements risk tolerance, enterprise risk tolerance, risk tolerance, likelihood, risk analysis, likelihood connotes, lines, likelihood statement refer
 
 
 
 
Expand article

Article: Analytics Brief: Securing The New Data Center

The Article has images
2008-01-07 05:28:32 by Editor in Security Links
...chart below of responses filtered for no plan in place Theres little doubt that virtualization is an important and disruptive technology that will, in a relatively short period, change the face of the data center. Because virtualization is so disruptive, it also will clearly change the rules for how enterprises secure their data and their...
 
Tags: virtual environment, environment, virtual appliances range, virtual appliances, security, tools, security tools, develop security, security holes
 
 
 
 
Expand article

Microsoft Security Intelligence Report - 1st Half 2007

The Article has images
2007-10-23 16:35:43 by jrjones in Jeff Jones Security Blog