SEARCH RESULTS
 
Showing 1-10 of 173 records

Vendors aren't changing focus, you were just blissfully unaware

2008-05-08 08:09:41 by HASH0x8902444 in StillSecure, After All These Years
 
...focus from concentrating on the tech geeks to focusing on the business decision maker. Michael's proof is rather subjective, but revolves around the fact that when he was a geek not in management, vendors used to wine and dine him to influence him to support their technology and tell his boss to buy their products. As he moved up to become a...

Crypto-Gram Tenth Anniversary Issue

2008-05-15 11:13:10 by schneier in Schneier on Security
 
...focus has changed. Initially, it was all cryptography. Then, more computer and network security. Then -- especially after 9/11 -- more general security: terrorism, airplanes, ID cards, voting machines, and so on. And now, more economics and psychology of security. My career has been a progression from the specific to the general, and...

Shimel Wants To Sell You A Dead Parrot. On An Iceberg. Slathered In GRC

2008-05-15 15:38:28 by rmogull in securosis.com
 
...focus is an unfortunate reality that distracts from real security, but he thinks GRC tools offer at least a partial solution to this problem. GRC is a needed tool in today's security practitioners' tool kit. They are being placed in the position to ensure compliance and they need the ability to do so. They also need help getting the budget...

Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...focus on what the first set of users, the Web site operators, can do to protect themselves. The fact that the malicious payload was so generic shows that the science of SQL injection has not taken a back seat to research in other vulnerability types, such as buffer overflows or cross-site scripting issues. I think the first lesson from this...

Getting into the Flow With Threat Modeling

2007-10-11 23:25:00 by sdl in The Security Development Lifecycle
...focus threat modeling, and how I've applied it. The concept of flow originated with Mihaly Csikszentmihalyi. It refers to a state where people are energetically involved with what they're doing. Seeing this a few times during threat modeling sessions made it obvious when it was missing, and it was missing often. I set out to address some of the...

Interview With Mike Rothman, Part 2

2008-02-20 15:00:00 by rmogull in securosis.com
 
...focus on data security, or information-centric security, depending on who you talk to. You do predict greater focus on database security in 2008, but what's your opinion for the long haul? Will we migrate away from networks and hosts as the focus of security? Or is there too much momentum with too many big companies tied to our current model...

The Daily Incite - January 7, 2008

2008-01-07 09:35:00 by Mike Rothman in Mike Rothman's blog
...focus on the road and not who did what to whom or who's not sharing what with the others. It makes the trip go a lot faster for me, and since it's all about me - that's a good thing. Until my iPod blew up. Actually, it didn't blow up - it just died. 15 months after I bought it. Totally dead. Good night. The day before my 10+ hour car trip. A...

The Daily Incite - March 27, 2008

2008-03-27 09:13:04 by Mike Rothman in Mike Rothman's blog
...focus on only one narrow aspect of endpoint protection can survive for long. I guess if you can get some big ISPs to bundle the stuff (though it's hard to grow at $1 per seat) or sucker a Big Security company to OEM the offering (anti-bot anyone?), but that still doesn't seem long lived to me, or a big market opportunity. Looks like more...

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...focus on if I'm asking the question "How secure is my app?" I'm loath to rely on testing for the bulk of my metrics. A few of the metrics above are unmeasurable or inappropriate, I think. It's hard for me to imagine how we'd measure AnomalousSessionCount appropriately. Seems like if we had proper instrumentation for detecting these as...