Blog Posts Tagged with "Threat Modeling"
May 19, 2012 Added by:Danny Lieberman
As their computing capabilities develop, current trusted computing/security models will be inadequate for epidermal electronics devices and attention needs to be devoted as soon as possible in order to build a security model that will mitigate threats by malicious attackers...
May 03, 2012 Added by:Alan Woodward
It might be as simple as whether an image has been altered to whether large data sets should be used to make a critical business decision. Benford's law and its generalized forms can help us decide whether or not we can trust some electronic data we may be about to rely upon...
May 02, 2012 Added by:Wendy Nather
It's become trendy to talk about how ineffective some commoditized security products are, classic firewalls and AV being the poster children. One of Josh Corman's favorite points is that "we never retire any security controls." As I am of Josh, I think he's wrong on this...
April 01, 2012 Added by:Neira Jones
For a CISO to be successful, they need not only to be prepared to eliminate redundant services and controls (ouch!), but also to promote the elimination of redundant assets which they will invariably not own. Enter the political CISO...
March 23, 2012 Added by:Wendy Nather
It's harder to be accused of nefarious activities if you are completely above-board, show you're willing to be subject to appropriate limits, and make a point of relinquishing any powers you might have. Call it CYA, call it leading by example, whatever. It's ethically important...
March 20, 2012 Added by:Javvad Malik
An underlying theme throughout the event from nearly everyone I spoke to was that people are still neglecting the basics. Rafal Los and Shane MacDougall gave an interesting talk on offensive threat modeling for attackers where they took the attacker's viewpoint on threats...
February 03, 2012 Added by:Danny Lieberman
Truly – the essence of security is protecting the people who use a company’s products and services. What utility is there in running 24×7 systems that leak 4 million credit cards or developing embedded medical devices that may kill patients?
October 28, 2011 Added by:Rafal Los
Threat modeling software is a delicate art, and often misunderstood enough to cause poor execution. It seems elementary that the best time to impact security in a positive way is during requirements gathering, yet many security professionals continue to ignore that opportunity...
July 22, 2011 Added by:Danny Lieberman
Startup management needs to know how much their information security measures will cost and how it helps them run the business. Business Threat Modeling (TM) is a practical way for a manager to assess the operational risk for the startup in dollars and cents...
June 15, 2011 Added by:Danny Lieberman
A discussion of HIPAA compliance needs to include a comprehensive threat analysis of the entire supply chain of data processing and not just limit itself to the cloud services that store electronic medical records...
October 02, 2010 Added by:PCI Guru
Are the days of eight character long passwords over? I have seen examples where current threats plus older threats could be used to compromise security. It was just all in how they were put together. It is very important that security professionals need to understand their opponent...
August 24, 2010 Added by:Fred Williams
In today's economic climate, any cost savings that a company can eke out is a win. By taking a closer look at data that already exists, companies can make more informed decisions that are optimal and realistic...