SEARCH RESULTS
 
Showing 1-10 of 20 records
 

Wrapping up Threat Modeling

2008-02-14 22:51:35 by sdl in The Security Development Lifecycle
 
...defines the functional requirements of your component), your design specification (a development spec that defines the architecture that is required to implement the functional specification), and your test plan (a test spec that defines how you plan on ensuring that the design as implemented meets the requirements of the functional...
 
 
 
 
 

Myth vs. reality: Wireless SSIDs

2007-10-16 07:08:58 by Steve Riley in Steve Riley on Security
 
...defines WPA2, discussed later) even states that a computer can refuse to communicate with an access point that doesn't broadcast its SSID. And, even if you think your SSID is hidden, it really isn't. Let me explain. All 802.11 wireless networks, regardless of the kind of operating system or encryption you might use, also emit unencrypted...
 
 
 
 
 

On Guanxi

2008-01-16 18:50:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...defines "Guanxi" it as "basic dynamic in personalized networks of influence" (here), while Stratfor says "many U.S. and other Western businesses, however, simply regard guanxi as corruption." It seems like this thing has some pretty darn peculiar security implications ... especially this part of the Stratfor piece: "Chinese business ethics,...
 
 
 
 
 

Logs = Accountability!

2008-01-17 13:49:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...defines it as "Accountability is a concept in ethics with several meanings. It is often used synonymously with such concepts as answerability, enforcement, responsibility, blameworthiness, liability and other terms associated with the expectation of account-giving." Yes, there are many other mechanisms of accountability in an organization,...
 
 
 
 
 

Group defines cyberattack prevention rules for nation's power grid

2008-01-17 00:00:00 by Ellen Messmer in Network World on Security
 
The Federal Energy Regulatory Commission in Washington, D.C., today approved eight Critical Infrastructure Protection standards for the physical- and cybersecurity of the electric-power grid, in spite of concerns from industry about the expense of replacing older equipment that can't be patched.
 
 
 
 
 

Who should do your security audits? Or, how do you organize the security department?

2008-02-07 22:25:32 by Steve Riley in Steve Riley on Security
 
...defines an organization's security architecture, creates policies and procedures, and ultimately takes responsibility for stewarding the integrity of the organization's information assets. The security alignment group spends time understanding the needs and drivers of the various business units, and advocates the business units' positions in...
 
 
 
 
 

Enabling hierarchical nant builds

2008-03-07 05:49:00 by Keith Brown in Security Briefs
 
...defines a bunch of properties, like where the output directories for the overall build live, where the tools live, and so on. And that works fine when I run the build from the root. The properties get defined, all the child scripts are run with tasks, and they see those properties. But if I want to drill down into the tree and run one of the...
 
 
 
 
 

More Log Management Questions - Answered!

2008-05-23 16:04:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...defines log retention, log review practices, etc. NIST 800-92 Guide to Security Log Management [PDF] is a good source of info on this subject. Enjoy.
 
 
 
 
 

So now everyone is an IT GRC vendor

2008-06-01 21:35:00 by Ryan Shopp in practical risk management
 
...defines your being. IT-GRC (short for Information Technology Governance, Risk & Compliance) is a term that started gaining momentum about a year ago. At that time Gartner, Forrester, EMA and other research analyst firms started using it to describe exactly what Securityworks does. Next thing you know customers are achieving tangible results...