SEARCH RESULTS
 
Showing 1-10 of 130 records
 
Expand article

Your Companies Biggest Security Hole - What is the BGP-style Vuln Lurking in Software Security?

2008-09-05 08:31:58 by Gunnar Peterson in 1 Raindrop
 
...poor tool support, a mainframe mindset , silo projects, and a whole variety of reasons. But just because you choose to ignore a fact doesn't mean its not true. On the plus side, some of the open source ESBs are adding support for message security , so you can improve security and save your company money at the same time, what's not to like
 
Tags: security, security hole, security protocols, business, business runs, business transaction backbone, improve security, message security, enforces authorization policy
 
 
 
 
Expand article

House committee issues report and finds fault with TSA web site

The Article has images
2008-01-15 09:35:53 by Evan Francen in The Breach Blog
...poor acquisition practices, conflicts of interest, and inadequate oversight The report finds TSA awarded the website contract without competition TSA gave a small, Virginia-based contractor called Desyne Web Services a no-bid contract to design and operate the redress website. According to an internal TSA investigation, the Statement of...
 
Tags: tsa, website, website contract, traveler redress website, tsa moved quickly, security breach, information security breach, security vulnerabilities, multiple security vulnerabilities
 
 
 
 
Expand article

Your Turn At The Bar Again? Security Costs in a Pay Per Drink Cloud

The Article has images
2008-05-01 20:55:26 by Craig Balding in Cloud Security
...poor design or implementation are problems only the vendor can address. Site specific issues arise through all kinds of madness - customers failing to read the label and provision properly, insufficiently trained people making poor configuration choices or simply relying on the default settings in a very non-default environment The negative...
 
Tags: security costs, costs, runtime security costs, security runtime costs, security, security tool, security tool inefficiency, security tools plays, plays
 
 
 
 
Expand article

A coward exposes personal information on 40% of Chileans

The Article has images
2008-05-16 13:56:50 by Evan Francen in The Breach Blog
...poor levels of data protection in Chile Evan] What idiot would pull such a stunt and claim such a ridiculous justification In a note accompanying the files, Anonymous Coward said he posted the databases to draw attention to the poor data protection measures in the country Evan] This is the worst way to draw attention to poor data protection....
 
Tags: personal, information, chilean residents, residents, poor data protection, data protection, personal data, breach description, breach
 
 
 
 
Expand article

Taming of the Information Security

2008-07-09 06:33:00 by RaviC in Musings on Information Security
 
...poor security decisions. Using security as a mechanism to gain control rather than using it as a tool to reduce risk can only diminish the perceived value of security initiative. Implementing security as an afterthought rather than building it into the framework not only result in poor architectural decision. Security investment is more like...
 
Tags: information security, information security field, information security bar, information security program, security, information security technology, poor security decisions, information security grows, companys security initiative
 
 
 
 
Expand article

Model Validation - Not Just for Quants

2006-12-26 05:10:00 by Jomni in Risk Management Quant
 
...poor governance of the wider modeling process, or by a poor understanding of the assumptions and limitations surrounding the model results, rather than by errors in equations The growing importance of models in helping executives answer some of bankings most critical questions from compliance and capital adequacy to business performance and...
 
Tags: model validation, bank, senior bank executives, compliance, regulatory compliance reasons, purely quantitative endeavor, bank losses, poor, article recently
 
 
 
 
Expand article

So much to read, so little time - Top Information Security Risks for 2008

2008-01-16 13:32:00 by Ryan Shopp in practical risk management
 
...poor information security studies, risk assessments, projects/assignments and/or staffing/organization, causing failed, wasted, excessive or otherwise inadequate controls and practices selection, implementation, performance measurement, monitoring and/or auditing." Wow, that's a mouthful! But this is exactly what IT GRC is all about. Through...
 
Tags: controls, highlights non-technical controls, risks, section, controls section, quality controls, document, primary summary document, risk
 
 
 
 
Expand article

Mike R on "DLP"

2008-02-27 17:04:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...poor man's DLP" or "good enough DLP using other technologies I plan to outline just such a plan: poor man's DLP using logs. Yes, it will suck :-), but it will be free, not "$500,000". What can I say, 'Welcome to the world of " good enough technology About me: http://www.chuvakin.org
 
Tags: dlp, data leak prevention, mike, plan, poor, technologies, world, stalls, logs
 
 
 
 
Expand article

Why Some Terrorist Attacks Succeed and Others Fail

2008-02-28 06:25:13 by schneier in Schneier on Security
 
...Poor terrorist operational security (OPSEC). The case studies indicate that even plots that are otherwise well-planned and operationally sound will fail if there is a lack of attention to OPSEC. Security services cannot "cause" poor OPSEC, but they can create the proper conditions to capitalize on it when it occurs Observant public and...
 
Tags: vigilant security services, vigilant, recent terrorist plots, terrorist plots, information fits, information, intelligence information, security services, law enforcement