SEARCH RESULTS
 
Showing 1-10 of 75 records
 

Basel II Implementation in the Philippines

2006-08-15 01:17:00 by Jomni in Risk Management Quant
 
...implementation of the revised capital adequacy framework. The latest version of the framework is very much in line with Basel II. Major changes that are expected to have significant impact on the ratios would be the addition of an operational risk capital charge and the revision of the risk weight for Philippine government foreign currency...
 
 
 
 
 

Case Study: Simplified DR Planning and Implementation

2008-05-05 13:00:00 by Editor in Computerworld Security News
 
Source: Dell & VMWare) LifeLink Foundation needed to provide business continuity and DR of critical transplant related information to multiple locations and needed to manage DR planning and implementation in a hurricane zone. Learn how VMware & EqualLogic worked together to implement two remote sites providing consolidated virtual storage,...
 
 
 
 
 

Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...implementation, and test. The SDL is a holistic process that covers the software lifecycle end-to-end, so don't mistake these simple rules as a guarantee that you will avoid SQL injection problems. You need to understand the situations in which the rules apply. You may find, for example, that string concatenation is the best - or perhaps only...
 
 
 
 
 

More on Application Security Metrics

2008-05-08 20:05:00 by Security Retentive in Security Retentive
 
...Implementation Defects I hadn't gotten good answers up to this point because measuring those internally during the development process is a constantly moving target. If your testing methodology is always changing, then it's hard to say whether you're seeing more or fewer defects of a given type than before, especially as a percentage. That is,...
 
 
 
 
 

Common Criteria and answering the question 'Is it Safe'

2007-12-20 16:57:00 by sdl in The Security Development Lifecycle
 
...Implementation vulnerabilities: software that exposes risk based on implementation deficiencies 3) Deployment vulnerabilities: software that was misconfigured in deployment as to expose risk that might have been prevented by other configurations. Let's talk about each of these in the context of Common Criteria. For classes of products where...
 
 
 
 
 

Users continue to ignore security policies, while security organizations are overlooking non-technical controls

2007-12-13 12:37:00 by Ryan Shopp in practical risk management
...implementation. It revealed that 6 are technical controls and 4 are non-technical controls. Meanwhile, the second graphic (figure 3 in the article - see below) showed the bottom 10 related to quality of implementation. It revealed that 3 are technical while 7 were non-technical. So just running crude numbers here shows 11 of those 20 were...
 
 
 
 
 

How Secure is Secure?

2008-05-08 16:46:00 by sdl in The Security Development Lifecycle
 
...implementation vulnerabilities and by some estimates as high as 70-80%. (Some cases are questionable and we debate if they are truly implementation issues vs. design issues, hence this metric isn't precise, but still useful). I have also heard similar ratios described in casual discussions with other software developers. In other words, most...
 
 
 
 
 

Security is not all about Security Updates

2007-12-17 12:58:00 by sdl in The Security Development Lifecycle
 
...implementation of security process improvements at Microsoft. They are not service packs, and this is where I need to make a critically important point about the SDL. To gain the full impact and benefit of the SDL, you must apply the SDL to a product at its inception. With the exception of Windows XP SP2, (which was a security-focused...
 
 
 
 
 

House committee issues report and finds fault with TSA web site

2008-01-15 09:35:53 by Evan Francen in The Breach Blog
...implementation of systems to ensure compliance with the Federal Information Security Management Act (FISMA) and the Privacy Act, 5 U.S.C. 552a. In addition to design and implementation standards, the CISO ensures that the systems are secured against unauthorized use through the use of a layered, defense-in-depth security approach involving...