Blog Posts Tagged with "Threat Modeling"


Bionic M2M: Are Skin-Mounted M2M the Future of eHealth?

May 19, 2012 Added by:Danny Lieberman

As their computing capabilities develop, current trusted computing/security models will be inadequate for epidermal electronics devices and attention needs to be devoted as soon as possible in order to build a security model that will mitigate threats by malicious attackers...

Comments  (0)


Law Of First Digits and How It Might Lead To More Trust

May 03, 2012 Added by:Alan Woodward

It might be as simple as whether an image has been altered to whether large data sets should be used to make a critical business decision. Benford's law and its generalized forms can help us decide whether or not we can trust some electronic data we may be about to rely upon...

Comments  (0)


Why We Still Need Firewalls and AV

May 02, 2012 Added by:Wendy Nather

It's become trendy to talk about how ineffective some commoditized security products are, classic firewalls and AV being the poster children. One of Josh Corman's favorite points is that "we never retire any security controls." As I am of Josh, I think he's wrong on this...

Comments  (2)


Manage Risk Before it Damages You - Part Two

April 01, 2012 Added by:Neira Jones

For a CISO to be successful, they need not only to be prepared to eliminate redundant services and controls (ouch!), but also to promote the elimination of redundant assets which they will invariably not own. Enter the political CISO...

Comments  (2)


Eating the Security Dog Food

March 23, 2012 Added by:Wendy Nather

It's harder to be accused of nefarious activities if you are completely above-board, show you're willing to be subject to appropriate limits, and make a point of relinquishing any powers you might have. Call it CYA, call it leading by example, whatever. It's ethically important...

Comments  (0)


Black Hat Europe 2012 Roundup

March 20, 2012 Added by:Javvad Malik

An underlying theme throughout the event from nearly everyone I spoke to was that people are still neglecting the basics. Rafal Los and Shane MacDougall gave an interesting talk on offensive threat modeling for attackers where they took the attackers viewpoint on threats...

Comments  (0)


The Valley of Death Between IT and Security

February 03, 2012 Added by:Danny Lieberman

Truly – the essence of security is protecting the people who use a company’s products and services. What utility is there in running 24×7 systems that leak 4 million credit cards or developing embedded medical devices that may kill patients?

Comments  (0)


Effective Software Security Starts and Ends with Requirements

October 28, 2011 Added by:Rafal Los

Threat modeling software is a delicate art, and often mis-understood enough to cause poor execution. It seems elementary that the best time to impact security in a positive way is during requirements gathering, yet many security professionals continue to ignore that opportunity...

Comments  (0)


Practical Security Management for Startups

July 22, 2011 Added by:Danny Lieberman

Startup management needs to know how much their information security measures will cost and how it helps them run the business. Business Threat Modeling (TM) is a practical way for a manager to assess the operational risk for the startup in dollars and cents...

Comments  (0)


HIPAA Compliance and Cloud Security

June 15, 2011 Added by:Danny Lieberman

A discussion of HIPAA compliance needs to include a comprehensive threat analysis of the entire supply chain of data processing and not just limit itself to the cloud services that store electronic medical records...

Comments  (1)


Do We Need Twelve Character Long Passwords?

October 02, 2010 Added by:PCI Guru

Are the days of eight character long passwords over? I have seen examples where current threats plus older threats could be used to compromise security. It was just all in how they were put together. It is very important that security professionals need to understand their opponent...

Comments  (5)


Using Analytics and Modeling to Predict Attacks

August 24, 2010 Added by:Fred Williams

In today's economic climate, any cost savings that a company can eke out is a win. By taking a closer look at data that already exists, companies can make more informed decisions that are optimal and realistic...

Comments  (3)