SEARCH RESULTS
 
Showing 1-10 of 40 records
 
A new blog on the block

2008-05-16 23:36:19 by HASH0x8af0bbc in StillSecure, After All These Years
 
...frameworks and standards - Whether it be TCG/TNC or NAP in the NAC world or CVE and FDCC in vulnerability management, we support industry wide standards and frameworks which allow products to work with each other. SNMP traps, SMTP email alerts are all standard in StillSecure products 3. Enterprise Integration Frameworks- StillSecure products...
 
 
 
 
 
Review of My 2007 Security Predictions: Too Wimpy

2007-12-23 15:46:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...frameworks that you can choose to comply with (ISO17799/270001, COBIT, ITIL, etc) - will they take off like a rocketship or remain steadily interesting to some? Only time will tell Status Check VIII: PCI DSS continued to rage (despite TJX and other faux pas :-)), even some retailer backlash was seen. On the voluntary side, some say ITIL is...
 
 
 
 
 
My 2008 Security Predictions!

2008-01-09 15:42:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...frameworks = maybe ( again ); they likely won't be 'hot,' at least not in the US; ad hoc approach (with some use of ideas from the above frameworks) to security management will still rule Risk management Will we know what risk management actually is in the context of IT security = no . Some people (e.g here ) might, but not the majority. And...
 
 
 
 
 
2008 - The Year of IT Risk Management?

2008-01-04 13:23:00 by Ryan Shopp in practical risk management
 
...frameworks (OCTAVE, FAIR, etc.) combined with the maturity of IT and governance frameworks (CoBIT, ITIL) and the readiness of the business and IT/Security cultures to accept risk management as a language and actionset with which they need to be conversant will yield huge benefits this year snip Well said (but then again I'm biased
 
 
 
 
 
Information flow tracing and software testing

2007-09-17 09:32:00 by Niels Provos in Google Online Security Blog
 
...frameworks have to be this complicated. Fuzz testing originally relied on purely random data, ignorant of specific threats and known dangerous input. Today, this approach is often overlooked in favor of more complicated techniques. Early sanity checks in applications looking for something as simple as a version number may render testing...
 
 
 
 
 
Top Five Intriguing Ideas for Authentication in 2008

2007-12-10 00:00:00 by Sean Kline in Speaking of Security, the RSA Blog and Podcast
 
...frameworks like Information Risk Management to assess which threats to mitigate, inventory the types of controls (including authentication) that they need and take a more holistic approach to implementing their strategy
 
 
 
 
 
Common Criteria and answering the question 'Is it Safe'

2007-12-20 16:57:00 by sdl in The Security Development Lifecycle
 
...frameworks on how to define safe that usually factor in some of the following considerations 1) Value of protected assets 2) Assumptions about the sophistication of and level of resources available to an attacker. Defining attacker can cover a spectrum that ranges from a well intentioned but misguided employee to people we commonly think of...
 
 
 
 
 
Getting into the Flow With Threat Modeling

2007-10-11 23:25:00 by sdl in The Security Development Lifecycle
...frameworks we could use to address problems in threat modeling. My choice to use it was driven by its striking absence. Flow isn't the only framework for thinking about these things, and there are some criticisms associated with trying to shoehorn everything into flow. For threat modeling, it just seemed to wellflow
 
 
 
 
 
Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...frameworks When fuzzing file parsers, we monitor for both handled and unhandled exceptions in the application under test. Exceptions are events that typically represent error conditions encountered during the execution of an application. They can be generated both by the hardware (initiated by the CPU) and/or software (initiated by the...