SEARCH RESULTS
 
Showing 1-10 of 36 records
 
Expand article

Our Data, Ourselves

2008-05-15 18:00:00 by Bruce Schneier in Wired Security
 
...enforce data deletion, and limit data collection, where necessary. And we need more than token penalties for deliberate violations This is a tall order, and it will take years for us to get there. It's easy to do nothing and let the market take over. But as we see with things like grocery store club cards and click-through privacy policies on...
 
Tags: data, medical data, enforce data deletion, data shadow, limit data collection, limit, data banks, data controls, information brokers
 
 
 
 
Expand article

Whats next in Data Leakage Prevention - Keeping your barrels out of the water

2008-01-07 00:35:00 by Hugh Docherty in Data Protection, Management and Leakage
 
...enforce access rights, the use of encryption, retention schedules, and even a time for the data to self destruct. This data-centric approach will allow companies to enforce their paper polices on electronic data and reduce the risks associated with the growing volumes of unstructured data The best way to protect your data is to manage it....
 
Tags: data leakage prevention, data leakage, data, sensitive data resides, sensitive, data-centric approach, dlp, dlp vendors, electronic data
 
 
 
 
Expand article

The Other Side of Life

2008-03-21 16:06:00 by sdl in The Security Development Lifecycle
 
...enforce those trust boundaries I first encountered this in SQL when I helped review threat models for the database engine. The engine trusts that the data on the disk was written correctly by a trusted entity (with checksums to guard against random errors), and enforce that. Instead of a slavish adherence to the principle of total mediation...
 
Tags: team, product team, engineers, security engineers, security, balance security, security professional, test managers, test
 
 
 
 
Expand article

Report Card: 2007 Incite #8 - Identity Everywhere

2007-12-26 07:31:45 by Mike Rothman in Mike Rothman's blog
 
...enforce that as close to the network fabric as you can But the rest of the Incite was a bust. Mutual authentication is not really happening because the banks have no incentive to make it happen. Sure some of them are making a half-assed attempt to train their users about little marks or SiteKeys or something else, but these have had precious...
 
Tags: identity, incite, network, network equipment, identity network, identity-enable, identity information, incite link, incite deals
 
 
 
 
Expand article

Password policies. Once again.

2007-09-04 22:14:00 by Steve Riley in Steve Riley on Security
 
...enforce long simple passphrases, I suggest that a reasonable default for expiration is 120 days Windows begins notifying you 14 days before your password expires. You can change this time period through group policy. I was in a similar situation recently. Last month my domain password expired while I was in Australia for TechEd there. I could...
 
Tags: account, enable account lockout, password, account lockouts, disable account lockout, 42-day default expiration, default, expiration, password expires
 
 
 
 
Expand article

The Daily Incite - January 9, 2008

The Article has images
2008-01-09 05:45:46 by Mike Rothman in Mike Rothman's blog
...enforce the policies? AutoPlay is bad mojo and should be turned off (another Security Mike tactic). If this demo is so absolutely critical, he should do it on a different machine. Or do it in a virtualization environment on his corporate machine, so the other VM wouldn't connect to the Microsoft domain (and therefore not be subject to the...
 
Tags: security, security role, information security, security folks, top security news, news, security risk management, security technology, customer
 
 
 
 
Expand article

The Daily Incite - January 15, 2008

The Article has images
2008-01-15 10:17:31 by Mike Rothman in Mike Rothman's blog
...enforce the policies. I know it's harsh to think about a kid being expelled for inappropriate Internet use, but the reality is there is HUGE liability if kids are exposed to stuff their parents don't think is cool. Ask Julie Amero about that Link to this I've seen the enemy, and it is me So what? - As we head down to Mr. Rogers (Grimes)...
 
Tags: information security, information security officer, security, security processes, top security news, security program, security job, security officer, internet security
 
 
 
 
Expand article

The Daily Incite - January 28, 2008

The Article has images
2008-01-28 05:58:58 by Mike Rothman in Mike Rothman's blog
...enforce NERC So what? - The FERC has finally approved NERCs recommended set of cybersecurity standards . They've been working on this for years and everyone needed to have their say. In the meantime, it seems that a number of power outages have been specifically caused by online attacks. I haven't waded through the hundreds of pages of...
 
Tags: security, information security, application security, security software roll-up, security issue, security folks, top security news, security acquisitions, mobile device security
 
 
 
 
Expand article

Ethics of Autonomous Military Robots

2008-01-28 07:12:35 by schneier in Schneier on Security
 
...enforce the International Laws of War in the battlefield in a manner that is believed achievable, by creating a class of robots that not only conform to International Law but outperform human soldiers in their ethical capacity It is too early to tell whether this venture will be successful. There are daunting problems remaining The...
 
Tags: ethical, ethical constraint set, ethical robotic warfighter, ethics, ethical boundaries, international protocols, war tradition subscribes, war, international
 
 
 
 
Expand article

More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle