SEARCH RESULTS
 
Showing 1-10 of 59 records
 
Expand article

The New Threat Modeling Process

The Article has images
2007-10-02 01:15:35 by sdl in The Security Development Lifecycle
...elements are so important to me. For now, let me describe the process One of the largest changes that weve made is to a simplified process (and diagram). I like to say that this looks pretty much like every other software process diagram you see today. Thats intentional. Theres only so much we can expect people to take away from a class, and...
 
Tags: process, threat, process validation entails, threat model, software process diagram, people, people trust boundaries, love threat, hamster wheel
 
 
 
 
Expand article

Why Some Terrorist Attacks Succeed and Others Fail

2008-02-28 06:25:13 by schneier in Schneier on Security
 
...elements can help alert an observant public and help a vigilant security apparatus recognize a potential cell of terrorist plotters Law enforcement or intelligence information sharing. Naturally, if security services are aware of an impending attack they will be better able to interdict it. The key, as stated above, is to recognize the value...
 
Tags: vigilant security services, vigilant, recent terrorist plots, terrorist plots, information fits, information, intelligence information, security services, law enforcement
 
 
 
 
Expand article

The C-I-A Triad weighed and found wanting

The Article has images
2007-04-12 04:54:18 by Perry Carpenter in Security Renaissance
...elements. The result is a set of security principles comprised of six elements The six principles of the Parkerian Hexad are Confidentiality Integrity Availability Possession Authenticity Utility The principles composing the Parkerian Hexad are non-overlapping; meaning that each principle is absolutely necessary to ensure that security is...
 
Tags: information security, information, parkerian hexad, parkerian hexad model, control information, principles, security principles, personal health information, parkerian hexad augments
 
 
 
 
Expand article

The DDoS Attack Against CNN.com

The Article has images
2008-04-22 19:30:53 by HASH0x8b2d1ec in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...elements each of us Mission hearts have a personal anger. Then we briefly look at the practice of France: France is now the largest in the protection of Tibetan independence, advocates in support of France is in support of splitting China, French President Sarkozy, the country is now the world just for a dare to openly resist Beijing Olympic...
 
Tags: ddos, ddos-ing cnn, cnn, ddos people, warfare, information warfare attack, attack, ddos attack, chinese script kiddies
 
 
 
 
Expand article

Opera Chickens Out Of EV-Purist Stance

2008-05-27 22:06:59 by Editor in Cheap Hack
 
...elements on the page were signed by an EV certificate. The more lenient standard enforced by IE and Firefox is to make it green when the top-level document is signed by an EV certificate, but other elements (like graphics) could be signed by lesser certificates. In either case, all elements need to be protected by modern SSL standards,...
 
Tags: opera, bar, famously paypal, modern ssl standards, elements, paypal, ditch browsers, top-level document, browser race
 
 
 
 
Expand article

The STRIDE per Element Chart

2007-10-29 23:06:46 by sdl in The Security Development Lifecycle
 
...Elements Another thing you might note is that the STRIDE chart is sorta vague. A process could be an exe, a .NET assembly, or an a.out executable running on Unix v7. Each of those will be vulnerable to different instantiations of threats. Your exe or a.out will be vulnerable to simple stack smashing overflows, but the .NET assembly wont be....
 
Tags: element chart, chart, stride, specific, specific threats, cve data, data, stride chart, threats
 
 
 
 
Expand article

Getting into the Flow With Threat Modeling

The Article has images
2007-10-11 23:25:00 by sdl in The Security Development Lifecycle
...elements that seemed to make threat modeling harder. The Wikipedia article (currently) has a good list, so Ill focus in on a few of them Clear goals Direct and immediate feedback Balance between ability and challenge Focused attention Lets take these one at a time Clear Goals Giving people clear goals is important because it helps take them...
 
Tags: threat, people develop skills, people, challenge people, flow, sdl threat, entire threat model, threat model, guide people
 
 
 
 
Expand article

Vulnerability Events

2008-03-30 17:20:05 by JonesJ in RiskAnalys.is
 
...elements, either because the threat elements are new to its landscape or it enters a threat landscape it didnt exist in before (more on this in a second Regardless of the cause, whenever available force becomes greater than the ability to resist, you have what can be referred to as a vulnerability event i.e., vulnerability now exists where it...
 
Tags: vulnerability, relative term, term, loss events occur, loss events, vulnerability events matter, loss, actual loss, relative term requires
 
 
 
 
Expand article

InfoSec 2008: Key takeaways from Europe's biggest security event

2008-04-30 08:43:01 by Thomas Raschke in Security & Risk Management
 
...elements Which of these cities (elements) will be biggest and most important almost entirely depends on where you are coming from as a vendor and what your primary differentiator is in the marketplace (nothing new here...). Sure, we will see more unified solutions and suites that contain most established security features. Sure, we will have...
 
Tags: data security, data, security, data security product, information security, information security event, security professionals, security managers, security folks
 
 
 
 
Expand article

What Happens When You Mix A Real Infection With A Mass Mail Hoax?