SEARCH RESULTS
 
Showing 1-10 of 45 records
 
Expand article

Wrapping up Threat Modeling

2008-02-14 22:51:35 by sdl in The Security Development Lifecycle
 
...convince me.) This brings me to the topic of what words we use to describe things On language The English language] becomes ugly and inaccurate because our thoughts are foolish, but the slovenliness of our language makes it easier for us to have foolish thoughts. The point is that the process is reversible. Modern English, especially written...
 
Tags: threat, threat modelers, threat models, threat model, design, design specification, specification, set, challenges set people
 
 
 
 
Expand article

Vote but Verify

2007-09-07 19:56:11 by Liudvikas Bukys in Liudvikas Bukys
 
...convince him, as he edited out my most provocative snide political shots and left in some of my more reasoned comments As a security person, I must point out that if machines do not produce a reliable auditable record, then all you have is a fait accompli fraud-blessing device. Thats the short version of the security argument Im willing to go...
 
Tags: all-electronic systems, systems, all-electronic, paper audit trail, all-electronic paperless approaches, security geek consensus, research topic, consensus, nist
 
 
 
 
Expand article

Protect your data: everything else is just plumbing

The Article has images
2007-07-02 20:46:32 by Steve Riley in Steve Riley on Security
...convince Phil to give her a copyread access also permits copying. If Phil were particularly malicious, he could modify his copy of the document first. You see, network-based access control works only so long as the protected object remains within the network. As soon as someone opens the file, the local copy in the computers memory obeys no...
 
Tags: data security, comrms data security, data, security, confidential information, information, information security, temporary data, data vanishes
 
 
 
 
Expand article

Reliability Vs. Security

2007-12-07 16:46:00 by sdl in The Security Development Lifecycle
 
...convinced me that we in the security community are missing out on decades of research in fault and failure analysis that would serve us well. And I think the reverse is true too, that by our example, reliability can be better embedded into the development lifecycle to drive improvements and better protect customers I look forward to ISSRE 08,...
 
Tags: folks, reliability folks deal, reliability, reliability folks, security, bugs, reliability bugs, reliability analysis, software reliability
 
 
 
 
Expand article

The Austin Project

2008-01-21 22:45:39 by RSnake in ha.ckers.org web application security lab
 
...convince someone it should count), no class of 40 people, no canned demonstrations. This is just a chance for you to sit with me for a week and talk about whatever it is you want to talk about in an collaborative environment. I dont want five people from the same company showing up. Thats not the goal here. The goal is for you to meet other...
 
Tags: people, competent people, project, helps people focus, austin project, austin project web-page, security, web application security, site
 
 
 
 
Expand article

Davidson Companies illegal network intrusion exposes clients

The Article has images
2008-02-01 14:51:54 by Evan Francen in The Breach Blog
...convince another person to click on a link or open a browser. Often what seems to be very sophisticated is often very simple. Does that sound like Confucius Davidson Companies has many procedures and policies in place to protect client information, Johnstone added The company reportedly hired a penetration testing company last September to...
 
Tags: davidson, clients, davidson companies president, davidson companies clients, sensitive personal information, davidson login page, personal information, davidson companies, davidson trust
 
 
 
 
Expand article

Benevolent Worms

2008-02-19 06:57:11 by schneier in Schneier on Security
 
...convince people to install patches and system updates; you use technology to force them to do what you want And that's exactly why it's a terrible idea. Patching other people's machines without annoying them is good; patching other people's machines without their consent is not. A worm is not "bad" or "good" depending on its payload. Viral...
 
Tags: software worms spread, worms, software, bad software distribution, worm, successful worm, beneficial worms, software distribution mechanism, worm quieter
 
 
 
 
Expand article

Maslow's heirarchy of security posture?

The Article has images
2007-07-08 17:22:32 by RaviC in Musings on Information Security
...convince customers about security]. These are the companies that are drafting a security architecture and working toward Basic Security posture 3. Basic Security - These are companies that have the knowledge that "Security Exists" and have acted to make sure that there is basic security to protect their intellectual property. These are mostly...
 
Tags: security posture, basic security posture, security, basic security, security practices, handle security incidents, security exists, security components, security program
 
 
 
 
Expand article

The Feeling and Reality of Security

2008-04-08 05:50:01 by schneier in Schneier on Security
 
...convince us to spend money on a new type of home burglar alarm, we as society will know pretty quickly if he's got a clever security device or if he's a charlatan; we can monitor crime rates. But if that same person advocates a new national antiterrorism system, and there weren't any terrorist attacks before it was implemented, and there...
 
Tags: trade-offs, security trade-offs based, trade-offs intelligently, security trade-offs endemic, security trade-offs wrong, security trade-offs, security, endemic, security matches
 
 
 
 
Expand article

The Feeling and Reality of Security

2008-04-08 05:50:01 by schneier in Schneier on Security
 
...convince us to spend money on a new type of home burglar alarm, we as society will know pretty quickly if he's got a clever security device or if he's a charlatan; we can monitor crime rates. But if that same person advocates a new national antiterrorism system, and there weren't any terrorist attacks before it was implemented, and there...
 
Tags: trade-offs, security trade-offs based, trade-offs intelligently, security trade-offs endemic, security trade-offs wrong, security trade-offs, security, endemic, security matches