SEARCH RESULTS
 
Showing 1-10 of 94 records
 
Some Comments on PayPal's Security Vulnerability Disclosure Policy

2007-11-27 18:07:00 by Security Retentive in Security Retentive
 
...reasonable timeframe is slightly vague because we don't want to over-promise on how quickly we can resolve an issue. We do expect to get back to researchers quickly with confirmation of a reported issue and tracking data on how we're doing resolving it. Let me now address a few concerns/comments people have specifically raised Chris Shiflett...
 
 
 
 
 
5 tips to comply with new ediscovery rules

2006-12-11 06:38:43 by Administrator in Email security & compliance blog
 
...reasonable care in creating guidelines as to what information needs to be retained and what should be purged, this will help in a court order since you can prove that your organization has taken electronic record retention seriously and that there are no irregular deletions of specific documents or emails. Follow these 5 tips to show that your...
 
 
 
 
 
Password policies. Once again.

2007-09-04 22:14:00 by Steve Riley in Steve Riley on Security
 
...reasonable default; our own corpnet uses 70 days. My experience with most customers shows that password sharing isn't a problem. So for those who do enforce long simple passphrases, I suggest that a reasonable default for expiration is 120 days. Windows begins notifying you 14 days before your password expires. You can change this time period...
 
 
 
 
 
Common Criteria and answering the question 'Is it Safe'

2007-12-20 16:57:00 by sdl in The Security Development Lifecycle
 
...reasonable job is addressing design vulnerabilities. A protection profile outlines customers' interests and needs in terms of security features/functionality. Smart cards are a great example where the threat and risks to a class or products have been well defined and reflected in the protection profiles. Operating Systems and DBMSs are other...
 
 
 
 
 
Is Risk-Based Security Really Possible?

2007-07-26 20:42:00 by Bryan in practical risk management
 
...reasonable numerical accuracy across a certain demographic - we don't. They have a straightforward way of estimating the loss associated with those events with reasonable numerical accuracy - we don't. Not to mention the fact that insurance and information security are fundamentally different models, but I'll save that tangent for another...
 
 
 
 
 
Stolen Davita laptop with dialysis patient data at risk

2008-03-06 15:50:24 by Evan Francen in The Breach Blog
...reasonable" level of security assurance. Storing personal information on a laptop without encryption or other controls and relying on password protection is not "reasonable" to me. Past Breaches Unknown
 
 
 
 
 
Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...reasonable replacement metrics for 5 of the 10 in the paper. In Part-2 I'll take on the next 5 as well as discuss some other thoughts on what metrics matter for measuring web application security. The paper is actually a good introduction on how to think about measuring software security, but I think a few of the metrics miss the mark...
 
 
 
 
 
Laptop containing personal information is stolen from U.S. Foodservice

2008-07-07 23:35:13 by Evan Francen in The Breach Blog
...reasonable assured, then the information IS compromised. If you believe that password-protection provides reasonable assurance, then you and I disagree. Call the Toll Free Help Line at 1-866-584-9681 to get answer [sic] to your questions. Staffed by a team of professionals Monday through Friday from 6:00 a.m. to 6:00 p.m. (Pacific Daylight...
 
 
 
 
 
The Impact of Dan's DNS Debacle on Internet Risk

2008-07-30 08:11:30 by Burton Group in Security and Risk Management Strategies Blog
 
...reasonable to expect fewer or more incidents that use this technique when comparing the period prior to disclosure -- or, more properly, before the date of Dan's invention of the technique (this also assumes prior art) with the period after invention/disclosure and into the future. If the disclosure reduces the number of those incidents, then...