SecurityRatty: tag: tradeoffs

More on the necessity of antivirus software

2007-09-25 17:53:47 by Steve Riley in Steve Riley on Security

...tradeoffs. They also (should) involve an intimate understanding of what the users will be doing with their computers. Fact is, most individuals who are not full-time security professionals often make mistakes when trying to decide whether something is legitimate -- witness the ongoing success of phishing and 419 scams. And organizations,...

Tags: antivirus software, computers, client computers, similar self-control, control, involve tradeoffs, previous post, personal computers, post

In response to "Soft tokens aren't tokens at all"

2007-12-11 00:00:00 by Sean Kline in Speaking of Security, the RSA Blog and Podcast

...tradeoffs between strength of security, cost and ease of use. The key (no pun intended) is matching the right means of authentication to the right level of risk. This is why we have such a broad range of authentication types and form factors To some of your specific points, RSA SecurID hardware and software authenticators are both forms of...

Tags: authentication, multi-factor authentication, software authenticators, rsa securid hardware, rsa, form factors, factors, authentication types, blog entry

The New Threat Modeling Process

2007-10-02 01:15:35 by sdl in The Security Development Lifecycle

...tradeoffs youre making, and possibly have test plans in the bug, if you include those ii. You have a valid reason for each non-mitigated threat not being mitigated iii. All threats are in class i or ii 5.a. On change, re-validate This hamster wheel has a very intentional brake on it: the word change, above validate. What that means is you...

Tags: process, threat, process validation entails, threat model, software process diagram, people, people trust boundaries, love threat, hamster wheel

IATAC and SDL

2007-09-14 03:09:00 by sdl in The Security Development Lifecycle

...tradeoffs in other environments. The important thing to focus on is process evolution learning from customer pain, decisions made, and effectiveness of what you're doing and using that information as a catalyst for change As with any report, there are points on which reasonable people will differ however, it does a reasonably good job at...

Tags: sdl, software security assurance, software development process, microsoft business recently, report, microsoft, note significant mentions, hamilton recently, closer inspection

The Other Side of Life

2008-03-21 16:06:00 by sdl in The Security Development Lifecycle

...tradeoffs; the details matter; the big picture matters; you need tools; you need human insight; you need management support; and were never going to be perfect. All of the things youve read in this blog are true, and they really shouldnt be controversial. Since joining SQL, Ive learned a lot about SQL Server too, and what it means to ship a...

Tags: team, product team, engineers, security engineers, security, balance security, security professional, test managers, test

A Comparison of VNC Connection Methods

2008-04-30 00:00:00 by Editor in Infosec Writers Latest Security Papers

This paper, written by Frank Isaacs, discusses different methods of deploying VNC with an emphasis on the security considerations of each method, and the tradeoffs associated with the convenience of each method

Tags: security considerations, vnc, frank isaacs, methods, method, emphasis, discusses, tradeoffs, convenience

Minimizing the Attack Surface, Part 1

2008-06-24 19:09:34 by Chris Eng in Zero in a bit

...tradeoffs that go along with this approach

Tags: attack surface, custom web applications, web, services, prevent unnecessary services, unnecessary services, security, third-party libraries, fix security holes

Homeland Security Cost-Benefit Analysis

2008-07-17 06:43:25 by schneier in Schneier on Security

...tradeoffs, of protection measures. Here's the abstract: This paper attempts to set out some general parameters for coming to grips with a central homeland security concern: the effort to make potential targets invulnerable, or at least notably less vulnerable, to terrorist attack. It argues that protection makes sense only when protection is...

Tags: potential targets invulnerable, potential targets, targets, protection, invulnerable, protection measures, paper, paper attempts, potential terrorist targets

SANS Webcast: Security for Web Services and SOA

2008-08-04 11:29:54 by Gunnar Peterson in 1 Raindrop

...tradeoffs with developers, and cogent advice on how to address the issues It would be fantastic if the list of security issues in 2011 is different from the one 2005 that we are still stuck with

Tags: web services, web, security issues, issues, security, web services security, soa security issues, soa, security improvements

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo