Blog Posts Tagged with "Threat Modeling"

959779642e6e758563e80b5d83150a9f

Bionic M2M: Are Skin-Mounted M2M the Future of eHealth?

May 19, 2012 Added by:Danny Lieberman

As their computing capabilities develop, current trusted computing/security models will be inadequate for epidermal electronics devices and attention needs to be devoted as soon as possible in order to build a security model that will mitigate threats by malicious attackers...

Comments  (0)

01ceb9281b3fb3dbb90c3efbe327717e

Law Of First Digits and How It Might Lead To More Trust

May 03, 2012 Added by:Alan Woodward

It might be as simple as whether an image has been altered to whether large data sets should be used to make a critical business decision. Benford's law and its generalized forms can help us decide whether or not we can trust some electronic data we may be about to rely upon...

Comments  (0)

Ebe141392ea3ebf96ba918c780ea1ebe

Why We Still Need Firewalls and AV

May 02, 2012 Added by:Wendy Nather

It's become trendy to talk about how ineffective some commoditized security products are, classic firewalls and AV being the poster children. One of Josh Corman's favorite points is that "we never retire any security controls." As I am of Josh, I think he's wrong on this...

Comments  (2)

9f19bdb2d175ba86949c352b0cb85572

Manage Risk Before it Damages You - Part Two

April 01, 2012 Added by:Neira Jones

For a CISO to be successful, they need not only to be prepared to eliminate redundant services and controls (ouch!), but also to promote the elimination of redundant assets which they will invariably not own. Enter the political CISO...

Comments  (2)

Ebe141392ea3ebf96ba918c780ea1ebe

Eating the Security Dog Food

March 23, 2012 Added by:Wendy Nather

It's harder to be accused of nefarious activities if you are completely above-board, show you're willing to be subject to appropriate limits, and make a point of relinquishing any powers you might have. Call it CYA, call it leading by example, whatever. It's ethically important...

Comments  (0)

99edc1997453f90eb5ac1430fd9a7c61

Black Hat Europe 2012 Roundup

March 20, 2012 Added by:Javvad Malik

An underlying theme throughout the event from nearly everyone I spoke to was that people are still neglecting the basics. Rafal Los and Shane MacDougall gave an interesting talk on offensive threat modeling for attackers where they took the attackers viewpoint on threats...

Comments  (0)

959779642e6e758563e80b5d83150a9f

The Valley of Death Between IT and Security

February 03, 2012 Added by:Danny Lieberman

Truly – the essence of security is protecting the people who use a company’s products and services. What utility is there in running 24×7 systems that leak 4 million credit cards or developing embedded medical devices that may kill patients?

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Effective Software Security Starts and Ends with Requirements

October 28, 2011 Added by:Rafal Los

Threat modeling software is a delicate art, and often mis-understood enough to cause poor execution. It seems elementary that the best time to impact security in a positive way is during requirements gathering, yet many security professionals continue to ignore that opportunity...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Practical Security Management for Startups

July 22, 2011 Added by:Danny Lieberman

Startup management needs to know how much their information security measures will cost and how it helps them run the business. Business Threat Modeling (TM) is a practical way for a manager to assess the operational risk for the startup in dollars and cents...

Comments  (0)

959779642e6e758563e80b5d83150a9f

HIPAA Compliance and Cloud Security

June 15, 2011 Added by:Danny Lieberman

A discussion of HIPAA compliance needs to include a comprehensive threat analysis of the entire supply chain of data processing and not just limit itself to the cloud services that store electronic medical records...

Comments  (1)

Fc152e73692bc3c934d248f639d9e963

Do We Need Twelve Character Long Passwords?

October 02, 2010 Added by:PCI Guru

Are the days of eight character long passwords over? I have seen examples where current threats plus older threats could be used to compromise security. It was just all in how they were put together. It is very important that security professionals need to understand their opponent...

Comments  (5)

D5e39323dd0a7b8534af8a5043a05da2

Using Analytics and Modeling to Predict Attacks

August 24, 2010 Added by:Fred Williams

In today's economic climate, any cost savings that a company can eke out is a win. By taking a closer look at data that already exists, companies can make more informed decisions that are optimal and realistic...

Comments  (3)