SEARCH RESULTS
 
Showing 1-10 of 1000 records
 
Security Matters: Lesson From the DNS Bug: Patching Isn't Enough

2008-07-23 19:00:00 by Bruce Schneier in Wired Security
 
...security community, the details of a critical internet vulnerability discovered by Dan Kaminsky about six months ago have leaked. Hackers are racing to produce exploit code, and network operators who haven't already patched the hole are scrambling to catch up. The whole mess is a good illustration of the problems with researching and...
 
 
 
 
 
Information Security and Liabilities

2008-07-23 15:09:21 by schneier in Schneier on Security
 
...security and liabilities : Last summer, the House of Lords Science and Technology Committee issued a report on "Personal Internet Security." I was invited to give testimony for that report, and one of my recommendations was that software vendors be held liable when they are at fault. Their final report included that recommendation. The...
 
 
 
 
 
Kernel space: Full disclosure for security holes

2008-07-22 00:00:00 in Network World on Security
 
Linux developers fix kernel security holes out in the open. Is a bug a bug, or do security-related fixes deserve special treatment?
 
 
 
 
 
Ask the Auditor: Who is Responsible for Information Security?

2007-12-29 06:24:50 by Editor in Security Links
 
...security By Dan Swanson A Reader Asks: Who is responsible for information security? The Auditor Responds: In short, the board of directors, management (of both staff and business lines), and internal audit functions all have significant roles in auditing information security. The big question for many companies is how these stakeholders should...
 
 
 
 
 
Maslow's heirarchy of security posture?

2007-07-08 17:22:32 by RaviC in Musings on Information Security
...security posture of a company. Each posture is determined by the line of business [type of industry] and the size of business [start-up or mid-size or large publicly traded 1. Don't Care for Security - These are early stage companies that don't have time for security since they are busy getting their product out. There are mid-size to large...
 
 
 
 
 
The Feeling and Reality of Security

2008-04-08 05:50:01 by schneier in Schneier on Security
 
Security is both a feeling and a reality, and they're different. You can feel secure even though you're not, and you can be secure even though you don't feel it. There are two different concepts mapped onto the same word -- the English language isn't working very well for us here -- and it can be hard to know which one we're talking about when...
 
 
 
 
 
Your Turn At The Bar Again? Security Costs in a Pay Per Drink Cloud

2008-05-01 20:55:26 by Craig Balding in Cloud Security
...security tools at all, Cloud Computing may impact the way you calculate your IT security budgets. Assessing The Cost of Runtime Security Security costs can be overt or hidden budget items spread across infrastructure, security, compliance, midrange the runtime security costs of security tools that execute on the systems How many organisations...
 
 
 
 
 
Web 2.0 Security - The Beginning of the End or The End of the Beginning

2008-05-29 15:26:12 by Gunnar Peterson in 1 Raindrop
...security, it's hard to be optimistic where things are going wrt Web 2.0 security. Granted when Web 1.0 was built out did not have the ability to use static analysis to find vulnerabilities, we didn't have good identity standards and so on. So are we at a new beginning where new tools and mechanisms will save our bacon? Or will Web 2.0 herald...
 
 
 
 
 
Taming of the Information Security

2008-07-09 06:33:00 by RaviC