SEARCH RESULTS
 
Showing 1-10 of 11 records
 

The STRIDE per Element Chart

2007-10-29 23:06:46 by sdl in The Security Development Lifecycle
 
...prescriptive guidance as to what threats to look for, and how to effectively mitigate them. Customizing the Chart for Your Threats. The chart is centered on our needs at Microsoft. Those may not be your needs. Perhaps you're building a threat modeling process to focus on voting. You can get much more specific about what a process is, and what...
 
 
 
 
 

Obstacles For Information Security & Risk Management

2008-03-06 13:51:34 by Alex in RiskAnalys.is
...prescriptive ISMS and flexible governance is a grey area that needs more separation of hue, more direct study of how and why Governance, Risk and Compliance can and should work together to protect not just consumer data, but the interests of the data owners. 2. Relying on technology to solve problems. I don't think I need to write a ton about...
 
 
 
 
 

Critical thinking

2008-04-21 14:42:28 by Alex in RiskAnalys.is
 
...prescriptive standards and best practices that try to portray the risk landscape as black and white (well-structured) when it's clearly shades of grey (open-ended). To be fair, non-prescriptive standards and best practices play an important role as directional references, compasses so-to-speak. But even a really good compass can't always account...
 
 
 
 
 

Making Threat Modeling Work Better

2007-10-17 00:23:53 by sdl in The Security Development Lifecycle
...prescriptive than the one about flow. It explains exactly how and why I changed a couple of elements of the process. The first is the brainstorming meeting, and the second is the way trust boundaries may be placed. The brainstorming meeting is a mainstay of expert threat modeling. It's pretty simple: you put your security experts in a room with...
 
 
 
 
 

The Trouble with Threat Modeling

2007-09-26 19:11:00 by sdl in The Security Development Lifecycle
 
...prescriptive in how we advise people to approach the problem. Some people are great at "think like an attacker," but others have trouble. Even for the people who are good at it, putting a process in place is great for coverage, assurance and reproducibility. But the experts don't expose the cracks in a process in the same way as asking everyone...
 
 
 
 
 

WCF Security Guidance from P&P

2008-04-04 06:09:00 by Keith Brown in Security Briefs
 
...prescriptive guidance modules for WCF Security How Tos Our How Tos give you step by step instructions for performing key tasks How To - Create and Install Temporary Certificates in WCF for Message Security During Development How To - Create and Install Temporary Certificates in WCF for Transport Security During Development How To -...
 
 
 
 
 

RSA Impressions - 2: Compliance "Megatrends"

2008-04-08 17:47:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...prescriptive" and it got turned into a mindless checklist (losing the original intent of improving security). She also disliked that PCI compliance evaluation is bad: based on a "dumb" control checklist, not on measuring effectiveness of "meaningful controls." I think this is true to some extent; but I'd hate to blame it on PCI DSS standard...
 
 
 
 
 

Waiting for "EuroSOX"

2008-04-03 11:41:37 by Carsten Casper, Research Director in IT Leaders - Security and Risk Management
 
...prescriptive U.S. legislation by ensuring that proper risk management is in place focusing on high-risk areas, enforcing segregation of duties and automating key controls. But learning, not copying, is the key here
 
 
 
 
 

WCF Security Guidance from P&P

2008-04-04 12:09:00 by keith-brown in Security Briefs
 
...prescriptive guidance modules for WCF Security How Tos Our How Tos give you step by step instructions for performing key tasks How To - Create and Install Temporary Certificates in WCF for Message Security During Development How To - Create and Install Temporary Certificates in WCF for Transport Security During Development How To -...
 
 
 
 
 