SEARCH RESULTS
 
Showing 1-10 of 18 records
 
Expand article

Security is not all about Security Updates

2007-12-17 12:58:00 by sdl in The Security Development Lifecycle
 
...holistic and include Education Secure design and attack surface reduction Threat modeling Secure coding requirements (note the word, "requirements" not "best practices Static analysis tools Testing requirements End-user security documentation Response Planning In a nutshell, this is a high-level view of SDL process The next goal of the SDL is...
 
Tags: security, end-user security documentation, security response, fix security bugs, response, security fix, implementation vulnerabilities, vulnerabilities, security feature development
 
 
 
 
Expand article

Top Five Intriguing Ideas for Authentication in 2008

2007-12-10 00:00:00 by Sean Kline in Speaking of Security, the RSA Blog and Podcast
 
...holistic approach to implementing their strategy
 
Tags: strategy, information risk management, organizations, broader strategy, increasingly adopt frameworks, authentication, individual applications, security doilies, controls
 
 
 
 
Expand article

Speaking of Security Podcast #78

2007-10-01 00:00:00 by Podcast Producers in Speaking of Security, the RSA Blog and Podcast
 
...holistic view of risk related to information across the enterprise
 
Tags: information risk management, risk, information, senior manger, financial institution, holistic view, risks lie, rsa announces, boston
 
 
 
 
Expand article

SmartWater Works

2008-01-21 12:17:39 by schneier in Schneier on Security
 
...holistic approach increases the deterrent factor substantially When scored out of ten by respondents in regard to deterrent value, SmartWater was awarded the highest average score (8.3 out of a score of 10) compared to a range of other crime deterrents. CCTV scored 6.2, Burglar Alarms scored 6.0 and security guards scored 4.9 Of course, we...
 
Tags: smartwater, smartwater products, deterrent, smartwater postersign, reasonable deterrent, deterrent factor, study, strong, strong deterrent effect
 
 
 
 
Expand article

In-depth investigation with computer forensics

2008-02-12 00:00:00 by HASH0x8bba50c in Network World on Security
 
Despite new security threats, such as smarter malware, compliance and proof of best endeavor requirements, the desire for a holistic security strategy that covers everything from policy to prevention is currently not being met by the security industry
 
Tags: holistic security strategy, endeavor requirements, security threats, smarter malware, security industry, compliance, prevention, desire, proof
 
 
 
 
Expand article

Encryption defeated, still an advocate?

The Article has images
2008-02-22 16:15:15 by Evan Francen in The Breach Blog
...holistic discipline that is about defense in depth, continual analysis and improvement, systems and backup systems, threats, countermeasures, etc. etc. This is just another attack vector that wasn't widely known or accepted until now. I am still an advocate for using full disk encryption (and encryption in general) as good information...
 
Tags: encryption, disk encryption software, encryption software, information security field, information, hard drive encryption, disk encryption, text information, encryption keys
 
 
 
 
Expand article

Maslow's heirarchy of security posture?

The Article has images
2007-07-08 17:22:32 by RaviC in Musings on Information Security
...holistic program to mitigate business risk due to information security breach. They have well defined security policies and security procedures. They have security awarenes program for employees. They audit their security practices against standards [such as ISO 27001, COBIT]. These are companies that are ISO 27001 compliant or heading in...
 
Tags: security posture, basic security posture, security, basic security, security practices, handle security incidents, security exists, security components, security program
 
 
 
 
Expand article

Stolen NHS flash drive contained adolescent information

The Article has images
2008-03-06 11:23:26 by Evan Francen in The Breach Blog
...holistic discipline. We strive to take into account all risks to unauthorized information disclosure, modification and destruction. While encrypting laptops is recommended as part of an overall information security strategy, it is equally important to remember the goal of the information security program and protect the information in all...
 
Tags: information, personal information, medical information, information security, confidential information, information security strategy, nhs, information disclosure, information security program
 
 
 
 
Expand article

"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle
 
...holistic application security solution provided by SDL In my mind, to start crawling toward SDL, you need to execute on some of the core principles. They obviously need to be low-cost and effective. So, I want to summarize these into three components 1. Detailed awareness of your architecture and its attack surface 2. Tools that will...
 
Tags: sdl, security, perform security analysis, application security, application, applications security, security issues, issues, non-microsoft sdl engagements
 
 
 
 
Expand article

K.I.S.S. the castle (analogy) good-bye! Okay, done - now what?

2008-03-30 12:50:51 by Thomas Raschke in Security & Risk Management
 
...holistic concept of modern security and risk management Fact is, that we as security professionals struggle to explain to non-security folks what it is we are doing and why we are doing what we are doing. A bit of insurance talk, a sprinkle of metrics, lots of tech explanations, and certainly a huge portion of scare tactics are still our most...
 
Tags: castle, castle metaphor, security, non-security folks, analogy, todays security, castle simply, network security, used-to-death castle analogy