Blog Posts Tagged with "Architecture"

Understanding Industrial Control System Vulnerabilities

March 21, 2012 Added by: Infosec Island Admin

A mission-critical control system is typically configured in a fully-redundant architecture allowing quick recovery from loss of various components in the system. A backup control center is used in more critical applications to provide a secondary control system...

Comments  (0)

Continuous Patching: Is it Viable in the Enterprise?

February 28, 2012 Added by: Rafal Los

The way patching works right now on all different levels I'm surprised anything works because we have operating system patches going in with application patches - and we're all just a heartbeat away from catastrophe. Maybe more continuous patching can be our savior...

Comments  (2)

Insecure At Any Speed

February 09, 2012 Added by: Wendy Nather

Security is an afterthought, and a bad one at that. As long as it remains separate from the systems it's supposed to protect, instead of an attribute, and requires users to maintain an abnormal level of awareness, security is going to continue to be as bad as it is today...

Comments  (0)

Some Facts About Carrier IQ

December 19, 2011 Added by: Electronic Frontier Foundation

There is an additional configuration file (called a "Profile") that determines what information is sent from the phone to a carrier. Profiles are programs in a domain-specific filtering language - they are normally written by Carrier IQ to the specifications of a telco or other client...

Comments  (0)

Case Study: A Cloud Security Assessment

December 13, 2011 Added by: Danny Lieberman

A client asked us to find a way to reduce risk exposure at the lowest cost. Using the Business Threat Modeling methodology and Practical Threat Analysis software, we were able to mitigate 80% of the total risk exposure in dollars at half the security budget proposed by the vendor...

Comments  (1)

Cracking the Code of Silence on Meaningful Security Metrics

December 06, 2011 Added by: Elizabeth Ireland

It’s ironic, but security policies themselves make it difficult for management to understand the relative value of various security investments, to pinpoint areas of risk, and to translate that information into continuous security improvements...

Comments  (0)

Why a Data Flow Map Will Make Your Life Easier

October 23, 2011 Added by: Brent Huston

It’s impossible to protect everything in your environment if you don’t know what’s there. All system components and their dependencies need to be identified. This isn’t a mere inventory listing. Adding the dependencies and trust relationships is where the effort pays off...

Comments  (0)

NIST Releases Secure Cloud Computing Guidelines

September 15, 2011 Added by: Headlines

NIST is responsible for accelerating the federal government’s secure adoption of cloud computing by leading efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector and other stakeholders, including federal agencies...

Comments  (0)

Hybrid Delivery: Corporate Applications and the Cloud

August 13, 2011 Added by: Rafal Los

As applications start to cross network boundaries between the traditional corporate network and cloud-based providers and service vendors, there is an imminent collision between the application development practices of yore, and the differing requirements around architecting for the cloud...

Comments  (0)

Three Things About Consumer Cloud Technology

July 07, 2011 Added by: Brent Huston

Organizations need data-centric controls that allow for flexibility in usage and protection. Your IT architectures and controls need to allow for those changes or face increasing levels of danger and obsolescence. You cannot stop consumer cloud services from leaking into your enterprise...

Comments  (0)

Public Cloud/Private Cloud – A Redux

June 23, 2011 Added by: Ben Kepes

Christian Reilly brings a really interesting perspective to the public/private cloud debate. Reilly sees the daily realities of legacy applications, “just keep the lights on” budgets and multiple issues around compliance and security...

Comments  (0)

APTs Require a Comprehensive Architecture

June 08, 2011 Added by: Rahul Neel Mani

APTs are becoming more and more complicated. However, there are certain security measures that organisations still need to take. Take the case of the Epsilon data breach, or the RSA breach. Hacked using simple social engineering tools like spear phishing and phishing e-mail to succeed...

Comments  (0)

Is the Cloud More Secure Than a Physical Environment?

May 23, 2011 Added by: Bill Gerneglia

An advantage of the cloud in terms of security is that it is utility based. If you use a managed solution that is flexible, allowing you to pay for its utility, even if you are a small company, then security should be packaged in...

Comments  (0)

Architecting Secure Information Systems

May 04, 2011 Added by: Robb Reck

Creating secure systems from the ground up requires different skills than buying and bolting on technologies to implement security after the fact. You have the chance to build this new system with a strong foundation. Do not miss your chance to show how security should be addressed...

Comments  (0)

Forklifting Apps to the Cloud – Realistic or Not?

April 17, 2011 Added by: Ben Kepes

Aspects of this discussion are little more than cloud elites arguing finer points. There are some issues in the message used to justify the cloud to enterprises. We need to have a consistent story about what the cloud really means for an enterprise – something that is sadly lacking today...

Comments  (0)

ERP System Attacks and the BlackHat DC Conference

February 14, 2011 Added by: Alexander Polyakov

During the BlackHat DC conference, DSecRG experts talked about attacks on corporate business-applications which can be used by cybercriminals for espionage, sabotage and fraudulent actions. Despite the fact, companies like SAP and Oracle regularly release security updates that are subject to attacks...

Comments  (0)
