SEARCH RESULTS
 
Showing 1-10 of 14 records
 

OnStar Offers a Model for IT Security

2008-03-07 11:08:35 by John Pescatore, VP Distinguished Analyst in IT Leaders - Security and Risk Management
 
...phases: before the crash, during the crash and after the crash. Another way to look at this is preventing/avoiding the crash, surviving the crash and recovering after the crash. GM designs features into cars in each of those phases (anti-lock brakes to avoid crashes, chassis design and airbags that reduce injury during the crash, and so on)....

Why Some Terrorist Attacks Succeed and Others Fail

2008-02-28 06:25:13 by schneier in Schneier on Security
 
...phases. While safeguards and controls at airports and rail stations are critical, they are most effective when coupled with factors that can be leveraged to detect the plot in the planning stages. These factors include Poor terrorist operational security (OPSEC). The case studies indicate that even plots that are otherwise well-planned and...

Chipotle Mexican Grill employee information on USi stolen laptop

2008-04-26 22:39:08 by Evan Francen in The Breach Blog
...phases of vendor relationships (need definition, negotiation, contractual language, etc.) just as it is at all phases of software development Commentary Well, I wonder if this is the last company affected by this single stolen USi laptop Past Breaches Chipotle Unknown USinternetworking April, 2008 - Stolen USinternetworking laptop also...

Borderline Security

2008-01-29 00:00:00 by Dr. Ari Juels in Speaking of Security, the RSA Blog and Podcast
 
...phases out drivers' licenses as border-crossing documents for the U.S I've heard two starkly contrasting opinions on the security of the PASS card

"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle
 
...phases, but I would take some time to think through testing even while crawling to ensure you are getting broad enough coverage for your application. James article highlights the three-pronged approach to security testing we use at Microsoft. You should use these three approaches to ensure your own fuzz testing is comprehensive 1. Attacks...

Stolen University Health Care laptop requires notification of 4800

2008-03-14 10:39:01 by Evan Francen in The Breach Blog
...phases One thing that is worth mentioning, we (meaning information security personnel) must go through the arduous task of data inventory and classification if we are to be effective. We should know what confidential information we create, collect, store, transfer, and/or destroy. We need to know where confidential information is throughout...

What is 802.1X? Here's a Technology Primer for You

2008-04-02 03:10:42 by JJ in Security Uncorked
 
...phases In the wireless world, 802.1X is the chosen authentication method to provide enhanced key exchange and rotation for a more secure wireless experience. In fact, it's been so widely adopted for this use, that it's commonly mistaken for a wireless standard (802.11 instead of 802.1 How does it work? Without dragging up a bunch of terminology...

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...phases of an application's lifecycle Design Deployment Runtime The paper uses the OWASP top-10 as the basis for measure and comes up with metrics that will tell us how we're doing against it The goal of metrics should be, where possible, to create objective measures of something. Whereas some of the metrics described in the paper are quite...

The Business Case for WAFs + Testing

2008-06-19 18:09:06 by Bill in Grumpy Security Guy
 
...phases of rewriting the application in .NET (yeah) with an estimated completion date 1.5 years out After seeing our report (100+ SQLi and 300+ XSS) and after a protracted developer battle (yes XSS is not good) they were left with two not good options Lose the customer Stop the rewrite and spend a few months digging through old code to fix...

Software makes virtual servers a moving target