Blog Posts Tagged with "Threat Modeling"
Bionic M2M: Are Skin-Mounted M2M the Future of eHealth?
May 19, 2012 Added by:Danny Lieberman
As their computing capabilities develop, current trusted computing/security models will be inadequate for epidermal electronics devices and attention needs to be devoted as soon as possible in order to build a security model that will mitigate threats by malicious attackers...
Comments (0)
Law Of First Digits and How It Might Lead To More Trust
May 03, 2012 Added by:Alan Woodward
It might be as simple as whether an image has been altered to whether large data sets should be used to make a critical business decision. Benford's law and its generalized forms can help us decide whether or not we can trust some electronic data we may be about to rely upon...
Comments (0)
Why We Still Need Firewalls and AV
May 02, 2012 Added by:Wendy Nather
It's become trendy to talk about how ineffective some commoditized security products are, classic firewalls and AV being the poster children. One of Josh Corman's favorite points is that "we never retire any security controls." As I am of Josh, I think he's wrong on this...
Comments (2)
Manage Risk Before it Damages You - Part Two
April 01, 2012 Added by:Neira Jones
For a CISO to be successful, they need not only to be prepared to eliminate redundant services and controls (ouch!), but also to promote the elimination of redundant assets which they will invariably not own. Enter the political CISO...
Comments (2)
Eating the Security Dog Food
March 23, 2012 Added by:Wendy Nather
It's harder to be accused of nefarious activities if you are completely above-board, show you're willing to be subject to appropriate limits, and make a point of relinquishing any powers you might have. Call it CYA, call it leading by example, whatever. It's ethically important...
Comments (0)
Black Hat Europe 2012 Roundup
March 20, 2012 Added by:Javvad Malik
An underlying theme throughout the event from nearly everyone I spoke to was that people are still neglecting the basics. Rafal Los and Shane MacDougall gave an interesting talk on offensive threat modeling for attackers where they took the attackers viewpoint on threats...
Comments (0)
The Valley of Death Between IT and Security
February 03, 2012 Added by:Danny Lieberman
Truly – the essence of security is protecting the people who use a company’s products and services. What utility is there in running 24×7 systems that leak 4 million credit cards or developing embedded medical devices that may kill patients?
Comments (0)
Effective Software Security Starts and Ends with Requirements
October 28, 2011 Added by:Rafal Los
Threat modeling software is a delicate art, and often mis-understood enough to cause poor execution. It seems elementary that the best time to impact security in a positive way is during requirements gathering, yet many security professionals continue to ignore that opportunity...
Comments (0)
Practical Security Management for Startups
July 22, 2011 Added by:Danny Lieberman
Startup management needs to know how much their information security measures will cost and how it helps them run the business. Business Threat Modeling (TM) is a practical way for a manager to assess the operational risk for the startup in dollars and cents...
Comments (0)
HIPAA Compliance and Cloud Security
June 15, 2011 Added by:Danny Lieberman
A discussion of HIPAA compliance needs to include a comprehensive threat analysis of the entire supply chain of data processing and not just limit itself to the cloud services that store electronic medical records...
Comments (1)
Do We Need Twelve Character Long Passwords?
October 02, 2010 Added by:PCI Guru
Are the days of eight character long passwords over? I have seen examples where current threats plus older threats could be used to compromise security. It was just all in how they were put together. It is very important that security professionals need to understand their opponent...
Comments (5)
Using Analytics and Modeling to Predict Attacks
August 24, 2010 Added by:Fred Williams
In today's economic climate, any cost savings that a company can eke out is a win. By taking a closer look at data that already exists, companies can make more informed decisions that are optimal and realistic...
Comments (3)
- Connecting Bellwether Metrics to the Business
- The Dilemma of PCI Scoping - Part 1
- Cyphort Detects Surge in Ad Network Infections, a.k.a. “Malvertising”
- Israeli Military and Hamas trade Hacking Attacks
- Security and the Internet of Things
- EBS Encryption: Enhancing the Amazon Web Services Offering with Key Management
- White House Website Includes Unique Non-Cookie Tracker, Conflicts With Privacy Policy
- Crypto Locker Down, But NOT Out
- The Unisys Ponemon study – Is It Actually Relevant to ICSs
- Black Hat Conference Talk on How to Break Tor Cancelled