SEARCH RESULTS
 
Showing 1-10 of 390 records
 
Expand article

Audit/Monitor Controls or Audit/Monitor BEFORE Control?

The Article has images
2008-02-28 11:38:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
Back in 2004, Forrester paper called " The Natural Order Of Security Yields The Greatest Benefits " proclaimed that "the adoption of security has a natural order: 1) authentication; 2) authorization; 3) administration and 4) audit ." Note that audit which, in this case, broadly includes audit, monitoring and detection, comes last. It seems to be...
 
Tags: audit, broadly includes audit, broadly, includes, audit whatsoever, full-blown audit capability, paper, paper clarifies, controls
 
 
 
 
Expand article

US Government Won't Cede Control Over DNS Root Zone

2008-08-01 10:54:13 by Editor in Cheap Hack
 
In a letter to ICANN Board chairman Peter Dengate-Thrush Meredith A. Baker, Acting Assistant Secretary for Communications and Information in the Commerce Department's NTIA (National Telecommunications and Information Administration) has declared that the US government has no plans to yield the control it now has over changes to the Internet's...
 
Tags: control, dns root zone, baker, joint project agreement, agreement, baker letter pulls, letter, internet dns derives, internet
 
 
 
 
Expand article

The role of control depth in assessment quality

2007-09-12 12:17:00 by Bryan in practical risk management
 
A client yesterday shared an interesting observation with me. We're doing a security assessment for them, and were asking some pretty in-depth questions about physical security surrounding their data center. This client had recently gone through an external SOX audit, and was surprised that many of the questions we asked about physical security...
 
Tags: audit, external sox audit, physical security, security audit, questions, pretty in-depth questions, dig deeper, control, surface
 
 
 
 
Expand article

Take Back Control of Your Personal Data: 50 Tips

2008-06-11 01:54:04 by Dave Lewis in Liquidmatrix Security Digest
 
Here is a rather interesting article from the site, Inside CRM. This article deals with a host of ways that you can take back control of your personal info From Inside CRM Internet scams, phishing, identity theft and other attacks that exploit your personal data are always a threat when you shop online, set up an email account, use a credit...
 
Tags: personal data, online bank account, online, article deals, secure web browser, web browser, article, shop online, internet scams
 
 
 
 
Expand article

AEP left high and dry moves to ID access control

2008-07-15 12:33:01 by HASH0x8b1e598 in StillSecure, After All These Years
 
AEP had been a victim of the NAC fallout. They made a bad bet on an OEM partner to provide them with NAC technology. When that NAC vendor went belly up, so did AEPs NAC product as a result. Now Tim Greene reports that AEP has come out with a new device that while not strictly a NAC product, does more identity access control and does not seem to...
 
Tags: aeps nac product, product, nac product, aep, oem partner, ssl vpn type, appliance, oem partners demise, article
 
 
 
 
Expand article

Remote Code Execution Vulnerability In The ActiveX Control For The Microsoft Access Snapshot Viewer Added Into Neosploit

2008-07-19 17:12:33 by CyberInsecure in CyberInsecure.com
 
More than two weeks ago Microsoft released a Security Bulletin outlining a vulnerability in the Access Snapshot Viewer ActiveX control. Microsoft began investigating active, targeted attacks leveraging this potential vulnerability. Recently, Symantec honeypots began detecting the vulnerability in the Access Snapshot Viewer ActiveX control...
 
Tags: microsoft, vulnerability, potential vulnerability, weeks ago microsoft, neosploit toolkit, symantec honeypots, neosploit wrapper, security bulletin, recently
 
 
 
 
Expand article

RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role-Based Access Control"

2008-01-07 09:15:52 by Editor in IEEE Security and Privacy
 
As the authors of the original proposal for the role-based access control (RBAC) standard and developers of the models from which it derives, the authors respond here to Ninghui Li, Ji-Won Byun, and Elisa Bertino's critique, which also appears in this issue. This is an opportune time in the revision cycle to introduce proposals for changes to...
 
Tags: standard, access control, authors respond, authors, revision cycle, critique, rbac, introduce proposals, ji-won byun
 
 
 
 
Expand article

What Constitutes A $7B Control Failure?

2008-01-25 16:01:33 by Chris McClean in Security & Risk Management
 
The media yesterday ( Wall Street Journal , Associated Press , Economist , etc.) were all over 31-year-old Jérôme Kerviel, the trader at Frances Société Générale who has apparently confessed to fraudulent trades resulting in an estimated loss of roughly $7.2 billion In further coverage , we hear that the bank has apologized to share...
 
Tags: wall street journal, control failure, risk, 31-year-old jrme kerviel, companys risk management, story, kerviel, story reminds, coverage
 
 
 
 
Expand article

Identity-based access-control appliance debuts

2008-03-31 00:00:00 by Ellen Messmer in Network World on Security
 
AEP networks announces identity-based access-control appliance
 
Tags: access-control appliance, aep networks announces