SEARCH RESULTS
 
Showing 1-10 of 34 records
 
Expand article

Dreamhost Review Updated

2008-07-04 17:39:49 by Editor in Irongeek's Security Site
 
...reflect some of Dreamhost's new polices, my experiences and how the discount codes differ from when I last updated it (1/31/2007). I've also have five limited discount codes to give away that grant the following: 2TB disk and 20TB bandwidth, gives $150 off a 5-year signup or $200 off a 10-year signup. Contact me if you want one of my five one...
 
Tags: dreamhost review, dreamhost, codes, discount codes, wrong information based, 10-year signup, 20tb bandwidth, 5-year signup, 2tb disk
 
 
 
 
Expand article

Measuring Vulnerability

The Article has images
2008-04-14 14:31:38 by JonesJ in RiskAnalys.is
...reflects the fact that wind speeds vary from tornado to tornado, ranging from under 100 MPH to over 300 MPH, with most falling in the 200 MPH range. (Keep in mind this is just an illustration and isnt intended to reflect actual tornado data In order to determine the probability of being vulnerable, wed use a Monte Carlo function to Take a...
 
Tags: threat capability curve, capability, human capability, human threat capability, describe control strength, control strength, capability curve, threat community capability, control
 
 
 
 
Expand article

How Secure is Secure?

2008-05-08 16:46:00 by sdl in The Security Development Lifecycle
 
...reflect the amount of rigor and attention to claimed security functional requirements a developer applied while creating a product. Furthermore, the EALs also reflect increasing levels of effort and resources necessary by anyone reviewing a product in order to evaluate the products claimed security functional requirements. However, EAL...
 
Tags: security metrics, software security metrics, implementation vulnerabilities, potential implementation vulnerabilities, metrics, secure, software, discretionary security protection, security protection
 
 
 
 
Expand article

"Walking" with the SDL - Part 4

2008-07-25 20:49:00 by sdl in The Security Development Lifecycle
 
...reflect the final product, the code should be complete, and all security-related testing should be completed and documented. In addition, everyone involved in the FSR should have full access to the bug database to review status or exceptions to security bugs What does an FSR team do Re-review threat models to verify all mitigations identified...
 
Tags: team, product team, requirements, define requirements, security requirements, security, final security report, threat models, re-review threat models
 
 
 
 
Expand article

Hansei and the CISO

The Article has images
2008-09-16 17:47:47 by Alex in RiskAnalys.is
...reflection (Hansei) and continuous improvement (Kaizen) to security management. Today is a good day to talk about what should we be reflecting about , and what is needed for reflection I say today is a good day for two reasons: 1.) BTs CSO Jill Knesek wrote an article called Keys to establishing an end-to-end security strategy which begs some...
 
Tags: risk management requires, risk management, risk, hansei, risk register, program, manage risk, manage, adrians program diagram
 
 
 
 
Expand article

What's your data worth? More importantly, to whom?

2007-10-25 06:49:21 by Steve Riley in Steve Riley on Security
 
This week, I'm attending and spoke at a cybercrime conference in Singapore. One of the presenters made a very good point, and I want to share it with you When considering how to protect your data, don't consider how valuable it might be to an attacker. Always, instead, consider how valuable it is to you I know, it seems so simple when you see it...
 
Tags: data, data accessible online, valuable, security, security wrong, opposite approach, approach, bad guys, worth
 
 
 
 
Expand article

July 2007 - Operating System Vulnerability Scorecard

The Article has images
2007-08-16 22:47:26 by jrjones in Jeff Jones Security Blog
...reflect short-term bursts of issues and that the former would give an overall view for the year that would incorporate the ups and downs Instead, the two versions of the charts seem to look very similar except for the numbers and scale. This kind of hints that whatever vulnerability disclosure and fix rate a product has, it is staying pretty...
 
Tags: server, linux server builds, server charts, charts, ytd charts, non-linux products, linux products, linux products comments, common server roles
 
 
 
 
Expand article

Common Criteria and answering the question 'Is it Safe'

2007-12-20 16:57:00 by sdl in The Security Development Lifecycle
 
...reflected in the protection profiles. Operating Systems and DBMSs are other examples where useful protection profiles have been created. CC as currently applied is arguably deficient is in two ways: 1) PPs dont currently exist for many categories of products (Mobile devices and instant messaging applications for example). 2) An evaluation is...
 
Tags: criteria, fails, common criteria fails, common criteria, common criteria arguably, common, arguably, arguably deficient, security
 
 
 
 
Expand article

SSAATY - 1,010 posts strong!

The Article has images
2008-02-14 23:12:42 by HASH0x8be190c in StillSecure, After All These Years
...reflect on. I was thinking what were some of my favorites. What were some of my least favorites. I would be interested in what your thoughts as to best and worst articles were. Anyway as they say in the song, what a long strange trip its been! My heartfelt thanks to you my readers who encourage me to continue blogging. There is nothing like...
 
Tags: 1000th post, post, valuable time, time, tenth post, worst articles, articles, hope, blog
 
 
 
 
Expand article

Prospects Brightening for a Common Event Standard

2008-02-25 08:38:57 by Burton Group in Security and Risk Management Strategies Blog
 
...reflect a considerable amount for work that has already been done and can be built upon. It is positive that a CEE community representative says Mitre plans to begin by seeking comments on the underlying goals and requirements for event standards. But to establish a