SEARCH RESULTS
 
Showing 1-10 of 201 records
 
Expand article

Thoughts from Several Conferences

The Article has images
2008-03-17 00:23:00 by Richard Bejtlich in TaoSecurity
...specific target, or perhaps several targets (a target being a potential criminal). Intelligence operations can focus on large numbers of threats or specific parties A few other themes arose at ISS World. "Application-specific lawful intercept" is the Holy Grail, meaning recording only the data necessary to render content useful to the...
 
Tags: security, common security vocabulary, traffic, web traffic, https traffic, built-in rules, rules, physical security continues, data
 
 
 
 
Expand article

More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...specific vendor, but rather am trying to illustrate examples of areas where application of the SDL could help contribute towards societys need for trustworthy computing in a very visible and important application Lets start with the Source Code Review of the Sequoia Voting System . Two examples from the executive summary are interesting...
 
Tags: machine security concerns, security concerns, election systems, election, security, security researchers, election systems margin, margin, election management system
 
 
 
 
Expand article

We Dont Need No Education

2008-03-14 14:03:23 by dmortman in securosis.com
 
...Specific. General security training is appropriate for all employees regardless of their job role. Group-Specific security training focuses on particular skills that are relevant to only a portion of the company Examples of General Security Training include 1. Education on policies and procedures 2. Fire/Tornado Drills 3. What to do in an...
 
Tags: information offsite, information, confidential information, security awareness program5, awareness, information security, security, security threat, group-specific security
 
 
 
 
Expand article

Best Practices For DLP Content Discovery: Part 3

2008-04-17 22:44:34 by rmogull in securosis.com
 
...specific like a group, security, or administrative key Management Ideally your content discovery capabilities will be managed using the same server as the rest of your DLP deployment. This will maintain consistent policies, workflow, and incident handling. Here are a few discovery-specific capabilities to look for Policy creation: data at...
 
Tags: restrict access controls, access controls, content, access, specific incident handler, specific, restrict access, incident handler, standard dlp incident
 
 
 
 
Expand article

The STRIDE per Element Chart

2007-10-29 23:06:46 by sdl in The Security Development Lifecycle
 
...Specific Elements Another thing you might note is that the STRIDE chart is sorta vague. A process could be an exe, a .NET assembly, or an a.out executable running on Unix v7. Each of those will be vulnerable to different instantiations of threats. Your exe or a.out will be vulnerable to simple stack smashing overflows, but the .NET assembly...
 
Tags: element chart, chart, stride, specific, specific threats, cve data, data, stride chart, threats
 
 
 
 
Expand article

Understanding and Selecting a Database Activity Monitoring Solution: Part 5, Advanced Features

2008-03-31 19:26:22 by rmogull in securosis.com
 
...specific fields, and can generate alerts or perform enforcement actions based on the result set. For example, a policy could generate an alert anytime a query result contained a credit card number, no matter what columns were referenced in the query Connection Pooled User Identification One of the more difficult problems we face in database...
 
Tags: database, database activity, application level, application, tools, change management tools, application activity, database queries, queries
 
 
 
 
Expand article

Iowa DNR loses personal information on 7,000

The Article has images
2007-12-19 14:22:00 by Evan Francen in The Breach Blog
...specific Evan] A non-specific policy is doomed to fail as is the entire program built around it The department was already reviewing its security policies when the Salem incident happened and probably will ban the use of flash drives in similar situations, he said Evan] Probably? If the Iowa DNR decides not to ban them, I hope they at least...
 
Tags: iowa dnr, iowa, iowa dnr decides, iowa dnr lost, iowa department, dnr, computer flash drive, drive, information
 
 
 
 
Expand article

Localizing Cybercrime - Cultural Diversity on Demand

The Article has images
2008-02-21 17:06:11 by HASH0x8b1e62c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...specific users only, would improve its authenticity. For instance, Ive come across harvested emails for sale segmented not only on cities in the country involved, but on specific industries as well, that could prove invaluable to a malicious attack, given todays growth in more targeted attacks, compared to mass ones It's been happening ever...
 
Tags: future, future malware trend, trend, malware, malware authors, demand, russian malware, services, demand translation services
 
 
 
 
Expand article

The Daily Incite - February 26, 2008

The Article has images
2008-02-26 08:32:32 by Mike Rothman in Mike Rothman's blog
...specific machine that is being targeted, they are going to get the data. Maybe not from the specific laptop, but they'll use some other attack. Criminals are pretty persistent that way. More importantly, this is a good reminder that we can't take security products for granted. We can't just throw a widget at the problem and move on to the...
 
Tags: data security, data security bill, capabilities, world, security capabilities, security world, security, metrics, security metrics
 
 
 
 
Expand article

Understanding and Selecting a Database Activity Monitoring Solution: Part 6, The Selection Process

2008-04-01 23:06:40 by rmogull in securosis.com