SEARCH RESULTS
 
Showing 1-10 of 28 records
 
Expand article

So Logically, If She Weighs The Same As A DuckShes A Witch!

The Article has images
2008-09-18 14:59:47 by Alex in RiskAnalys.is
...outcome of that new-fangled Bayesian thing COGNITIVE BIAS A-PLENTY But back to what Rich is saying there about information security and risk - and he isnt/wont be the only one saying these sorts of things - we should try to understand whats really going on rather than get caught up in the emotional hurricane. Our profession suffers several...
 
Tags: risk, financial risk, poor risk management, operational risk, outcome, exploit outcome, probability, qualitative models, models
 
 
 
 
Expand article

McIrony: An unexpected response from McAfee

2008-08-30 13:04:00 by Russ McRee in HolisticInfoSec.org
 
...outcome, and worry less about press cycles or exposure, the 15 minutes of fame if you will. He pointed to people like Mark Dowd as an example of people who conduct crushingly good research, and steer clear of the petty, ego driven bulls**t There I sat, repose like the thinking man , frozen for minutes. "Nate", I said, "I think you're right...
 
Tags: mcafee, mcafee secure, negative security research, research, mcafee secure product, security, security research community, information security professional, positive outcome
 
 
 
 
Expand article

Self Incrimination or Privacy

2008-01-27 22:32:43 by RSnake in ha.ckers.org web application security lab
 
...outcome it can end up being a bad thing. I wish I could call this one a cut and dry case. But either way the outcome will be worth finding out about because either it will be a matter of imprisonment for contempt or a safe haven for anyone doing anything illegal. This will be a landmark case for our industry in many ways, for good or for bad...
 
Tags: bad, bad taste, pretty torn, pretty, furry fetish, washinton post, child pornography, time, outcome
 
 
 
 
Expand article

Quick risk assessment tips

2008-04-02 04:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...outcomes are you most concerned about? For instance, compromised private data, or intellectual property theft are examples of "bad outcomes." - What vulnerability has been identified? For instance, is it an application bug or maybe it's an errant back-up process. - How do you assess the level of threat. In other words, what is the likelihood...
 
Tags: process, errant back-up process, bad outcome, assessment, bad outcomes, decent tools, view, tools, intellectual property theft
 
 
 
 
Expand article

How to Sell Security

2008-05-26 05:57:29 by schneier in Schneier on Security
 
...outcome. Some people prefer sure things and others prefer to take chances. Whether the outcome is a gain or a loss doesn't affect the mathematics and therefore shouldn't affect the results. This is traditional economics, and it's called Utility Theory But Kahneman's and Tversky's experiments contradicted Utility Theory. When faced with a...
 
Tags: security, loss, risky loss, risky larger loss, gain, risky larger gain, security purchase, directly, security directly
 
 
 
 
Expand article

Hansei and the CISO

The Article has images
2008-09-16 17:47:47 by Alex in RiskAnalys.is
...outcome of that risk register (and the models used to create it) it might not actually be useful WHAT IS NEEDED FOR REFLECTION So what is needed for this sort of CISO-level Hansei The CISO must understand the Current State of Nature turn that into a State of Knowledge and use that to create a State of Wisdom CREATING A STATE OF NATURE FOR THE...
 
Tags: risk management requires, risk management, risk, hansei, risk register, program, manage risk, manage, adrians program diagram
 
 
 
 
Expand article

Lloyds TSB warning may panic some customers

The Article has images
2008-01-05 00:47:26 by Evan Francen in The Breach Blog
...outcome This also reminds me of my days working for a major U.S. bank years ago. I worked on the Threat & Vulnerability team, which I would assume isn't too much different from Lloyds TSB's Fraud Response Team. We detected and responded to thousands of suspicious activity reports, intrusion detection alerts, phishing reports, etc. We never...
 
Tags: lloyds, lloyds tsb customers, customers, lloyds tsb, lloyds tsb passwords, internet login details, internet, information, information security professionals
 
 
 
 
Expand article

Authorization vs. Business Logic

2008-01-09 05:37:00 by Keith Brown in Security Briefs
 
...outcome of the method to be slightly different depending on the user's security context? Perhaps you're going to use the value of some claim to customize the output, or limit your actions somewhat depending on that context? I've often argued that it's an oversimplification to say that you can factor out all authorization logic from a method,...
 
Tags: business logic, logic, authorization, authorization logic, factor, method, easily factor, security context, security
 
 
 
 
Expand article

Select Medical Corporation charged by the Texas Attorney General

The Article has images
2008-01-11 16:20:31 by Evan Francen in The Breach Blog
...outcome Other companies that the Texas State Attorney General has taken action against include; Minnesota-based Life Time Fitness, CVS Pharmacy, RadioShack, CNG Financial Corporation, and EZPAWN and EZMONEY Loan Services Past Breaches Unknown
 
Tags: clients personal information, personal information, sensitive personal information, information, sensitive medical information, customers sensitive information, texas attorney, texas, attorney
 
 
 
 
Expand article

"Blocking" vs Logging: Which is A Better Deterrent?

2008-01-15 11:11:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...outcome About me: http://www.chuvakin.org
 
Tags: policy, policy outcome, deterrent, access logs, obsession, lists, employees, consequences, quote