Blog Posts Tagged with "Architecture"


Understanding Industrial Control System Vulnerabilities

March 21, 2012 Added by:Infosec Island Admin

A mission-critical control system is typically configured in a fully-redundant architecture allowing quick recovery from loss of various components in the system. A backup control center is used in more critical applications to provide a secondary control system...

Comments  (0)


Continuous Patching: Is it Viable in the Enterprise?

February 28, 2012 Added by:Rafal Los

The way patching works right now on all different levels I'm surprised anything works because we have operating system patches going in with application patches - and we're all just a heartbeat away from catastrophe. Maybe more continuous patching can be our savior...

Comments  (2)


Insecure At Any Speed

February 09, 2012 Added by:Wendy Nather

Security is an afterthought, and a bad one at that. As long as it remains separate from the systems it's supposed to protect, instead of an attribute, and requires users to maintain an abnormal level of awareness, security is going to continue to be as bad as it is today...

Comments  (0)


Some Facts About Carrier IQ

December 19, 2011 Added by:Electronic Frontier Foundation

There is an additional configuration file (called a "Profile") that determines what information is sent from the phone to a carrier. Profiles are programs in a domain-specific filtering language - they are normally written by Carrier IQ to the specifications of a telco or other client...

Comments  (0)


Case Study: A Cloud Security Assessment

December 13, 2011 Added by:Danny Lieberman

A client asked us to find a way to reduce risk exposure at the lowest cost. Using the Business Threat Modeling methodology and Practical Threat Analysis software, we were able to mitigate 80% of the total risk exposure in dollars at half the security budget proposed by the vendor....

Comments  (1)


Cracking the Code of Silence on Meaningful Security Metrics

December 06, 2011 Added by:Elizabeth Ireland

It’s ironic, but security policies themselves make it difficult for management to understand the relative value of various security investments, to pinpoint areas of risk, and to translate that information into continuous security improvements...

Comments  (0)


Why a Data Flow Map Will Make Your Life Easier

October 23, 2011 Added by:Brent Huston

It’s impossible to protect everything in your environment if you don’t know what’s there. All system components and their dependencies need to be identified. This isn’t a mere inventory listing. Adding the dependencies and trust relationships is where the effort pays off...

Comments  (0)


NIST Releases Secure Cloud Computing Guidelines

September 15, 2011 Added by:Headlines

NIST is responsible for accelerating the federal government’s secure adoption of cloud computing by leading efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector and other stakeholders, including federal agencies...

Comments  (0)


Hybrid Delivery: Corporate Applications and the Cloud

August 13, 2011 Added by:Rafal Los

As applications start to cross network boundaries between the traditional corporate network and cloud-based providers and service vendors, there is an imminent collision between the application development practices of yore, and the differing requirements around architecting for the cloud...

Comments  (1)


Three Things About Consumer Cloud Technology

July 07, 2011 Added by:Brent Huston

Organizations need data-centric controls that allow for flexibility in usage and protection. Your IT architectures and controls need to allow for those changes or face increasing levels of danger and obsolesce. You can not stop consumer cloud services from leaking into your enterprise...

Comments  (0)


Public Cloud/Private Cloud – A Redux

June 23, 2011 Added by:Ben Kepes

Christian Reilly brings a really interesting perspective to the public/private cloud debate. Reilly sees the daily realities of legacy applications, “just keep the lights on” budgets and multiple issues around compliance and security...

Comments  (0)


APTs Require a Comprehensive Architecture

June 08, 2011 Added by:Rahul Neel Mani

APTs are becoming more and more complicated. However, there are certain security measures that organisation still need to take. Take the case of Epsilon data breach, or RSA breach. Hacked using simple social engineering tools like spear phishing and phishing e-mail to succeed...

Comments  (0)


Is the Cloud More Secure Than a Physical Environment?

May 23, 2011 Added by:Bill Gerneglia

An advantage of the cloud in terms of security is that it is utility based. If you use a managed solution that is flexible, allowing you to pay for its utility, even if you are a small company, then security should be packaged in...

Comments  (0)


Architecting Secure Information Systems

May 04, 2011 Added by:Robb Reck

Creating secure systems from the ground up requires different skills than buying and bolting on technologies to implement security after the fact. You have the chance to build this new system with a strong foundation. Do not miss your chance to show how security should be addressed...

Comments  (0)


Forklifting Apps to the Cloud – Realistic or Not?

April 17, 2011 Added by:Ben Kepes

Aspects of this discussion are little more than cloud elites arguing finer points. There are some issues in the message used to justify the cloud to enterprises. We need to have a consistent story about what the cloud really means for an enterprise – something that is sadly lacking today...

Comments  (0)


ERP System Attacks and the BlackHat DC Conference

February 14, 2011 Added by:Alexander Polyakov

During the BlackHat DC conference, DSecRG experts talked about attacks on corporate business-applications which can be used by cybercriminals for espionage, sabotage and fraudulent actions. Despite the fact, companies like SAP and Oracle regularly release security updates that are subject to attacks...

Comments  (0)

Page « < 1 - 2 > »