SecurityRatty: tag: osterman

The Trouble with Threat Modeling

2007-09-26 19:11:00 by sdl in The Security Development Lifecycle

...Osterman made that point, unintentionally in Threat Modeling Again, Presenting the PlaySound Threat Model , where he said Let's look at a slightly more interesting case where threat modeling exposes an issue. Youch! But as I wrote in a comment on that post, What you've been doing here is walking through a lot of possibilities. Some of those...

Tags: threat, threat models, threat model, reasons threat, service threat, term threat, threat effectively, playsound threat model, development process

Threat Modeling Self Checks and Rules of Thumb

2007-10-22 21:04:01 by sdl in The Security Development Lifecycle

...Osterman has some in his blog post, " Threat Modeling Rules of Thumb " I helped edit those, but want to suggest additional changes. In particular, you need to be concerned is not actionable. Review this carefully, or Focus your attention here are more actionable. People threat modeling are already concerned Good rules of thumb encourage flow...

Tags: thumb, threat, rules, people threat, data, people, data sinks, thumb encourage flow, actual software

The New Threat Modeling Process

2007-10-02 01:15:35 by sdl in The Security Development Lifecycle

...Osterman describes in this post Essentially, the elements are External entities (anything outside your control Processes (running code Data stores (files, registry entries, shared memory, databases Data flows (which connect all the other elements b. Draw trust boundaries between components. You can do this on a whiteboard, in Visio, or in...

Tags: process, threat, process validation entails, threat model, software process diagram, people, people trust boundaries, love threat, hamster wheel

STRIDE chart

2007-09-11 23:18:00 by sdl in The Security Development Lifecycle

...Osterman is a longtime MS veteran , currently working in Windows audio. He's been a threat modeling advocate for years, and has been blogging a lot about our new processes, and describes in great detail the STRIDE per element process. His recent posts are " Threat Modeling, Once Again ," " Threat modeling again. Drawing the diagram ," "...

Tags: threat, stride, windows, windows source code, web site, stride mitigations, code, user, remote internet user

Wrapping up Threat Modeling

2008-02-14 22:51:35 by sdl in The Security Development Lifecycle

...Osterman was writing about threat modeling , he casually tossed out A threat model is a specification, just like your functional specification (a Program Management spec that defines the functional requirements of your component), your design specification (a development spec that defines the architecture that is required to implement the...

Tags: threat, threat modelers, threat models, threat model, design, design specification, specification, set, challenges set people

More Threat Modeling at Microsoft

2008-03-19 06:47:33 by schneier in Schneier on Security

This is another excellent series of posts on threat modeling, this time from Microsoft's Adam Shostack. (I already blogged this series by Larry Osterman

Tags: excellent series, series, threat, larry osterman, adam shostack, microsoft, time, posts

What to Ask When Evaluating Messaging Security Systems

2008-04-23 13:00:00 by Editor in Computerworld Security News

...Osterman Research paper outlines a number of factors to consider when evaluating competing email security appliances and explains how Sunbelt Software's Ninja Blade is solution worth short listing

Tags: sunbelt software, threats, email threats, solution worth short, email security appliances, security infrastructure, ninja blade, source, deploy

The Impact of Messaging and Web Threats

2008-04-23 13:00:00 by Editor in Computerworld Security News

...Osterman Research paper to learn how organizations must implement a layered defensive strategy to protect against all types of threats and how Sunbelt Software can help

Tags: threats, sunbelt software, osterman research paper, defensive strategy, organizations, source, types, protect, users

A Guide to Understanding Messaging Archiving

2008-04-23 13:00:00 by Editor in Computerworld Security News

...Osterman Research white paper discusses the several reasons to implement a messaging archiving system and provide an overview of Sunbelt Software's offering focused squarely on the archiving space

Tags: sunbelt software, decision makers cite, email storage, storage, source, system, reasons, implement, space

Customer Satisfaction with Email Archiving Systems

2008-07-18 13:00:00 by Editor in Computerworld Security News

...Osterman Research conducted a primary survey asking organizations about a variety of archiving systems. The purpose of this research was simply to understand the level of satisfaction that customers of Sunbelt Exchange Archiver (SEA) and other email archiving offerings report on a variety of metrics related to product and vendor performance....

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo