SEARCH RESULTS
 
Showing 1-10 of 99 records
 

10 Myths About Life As An IT Security Professional

2008-04-25 23:08:41 by Craig Balding in Security Wannabe
...development, social engineering, physical security, cryptography, crisis management, disaster recovery, 3rd party security reviews etc etc. You get to bark security orders. Some people feel that holding a security policy in their hand means they get to call the shots. Do this on a regular basis and not only is it counterproductive but it's a...

The Arizona Office of the Auditor General finds plenty of holes

2008-06-23 12:28:27 by Evan Francen in The Breach Blog
...develop and implement procedures for regularly conducting security reviews of their critical Web-based applications. [Evan] Even though it seems like it's the same story in company after company, I am still amazed by how many organizations don't know what or how many applications they have (not to mention servers, clients, routers, switches,...

UPDATES GALORE! or, THE PRONOUN WE MEANS YOU AND ME!

2008-08-13 15:24:17 by Alex in RiskAnalys.is
 
...developed a very nice document that reviewed something like 18 different risk assessment methodologies against their Criteria for Goodness. FAIR was one of the ones they reviewed, and we (the royal we used there to include all us FAIR-Folk) did awfully well. Things of interest: They based their work on the current introduction paper which is...

Article: Analytics Brief: Securing The New Data Center

2008-01-07 05:28:32 by Editor in Security Links
...develop security and management strategies as they develop deployment plans for virtualization. New threats to security come on two fronts. The first and most obvious is the additional software footprint represented by virtualization. On the desktop, virtualization is often implemented as an application that runs as a process under a desktop...

Who should do your security audits? Or, how do you organize the security department?

2008-02-07 22:25:32 by Steve Riley in Steve Riley on Security
 
...developing policies and without having some mechanism to measure compliance. That's the role of the auditing function -- to measure compliance. If we all agree that policies are good, then we should all agree that checking up on ourselves is also good. So, then, who should conduct the audits? For comparison, let's examine a typical software...

Money for nothin, code for free - if you don't own the copyright you could be in Dire Straits

2008-03-19 01:45:00 by HASH0x8aede64 in StillSecure, After All These Years
 
...develop it themselves or hope to develop a community to continue development, but I haven't seen that pulled off very often, if at all. To stay with Bob's money for nothin theme, if he does not protect against this, Untangle could find themselves in dire straits.

Do you listen to your users?

2008-04-04 21:18:17 by Editor in Security x.0
 
...development of more secure technologies their top design priority. We urge the industry, through self-regulation and codes of best practice, to demonstrate its commitment to this principle. (4.38) 8.15. We therefore recommend that the Government explore, at European level, the introduction of the principle of vendor liability within the IT...

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...develop a sustainable metric. A necessary assurance component to be sure, but not necessarily the first metric I'd focus on if I'm asking the question "How secure is my app?" I'm loath to rely on testing for the bulk of my metrics. A few of the metrics above are unmeasurable or inappropriate I think. It's hard for me to imagine how we'd...

The Stigma Enigma, Revisited

2008-08-27 14:58:56 by Christopher Boyd in SpywareGuide Greynets Blog
 
...develop different kinds of toolbars -- and without fail -- it is the US-based companies that seem most willing to cross the line and request applications that I simply refuse to develop. We're talking about features like: Forced Install; Hidden Install; Report all URLs back; Report all searches back; Forcibly and hidden set home page; Forcibly and...