SecurityRatty: Information Centric Security

ICS and "Where Do I Start"

2008-11-19 07:58:00 by Adrian Lane in Information Centric Security

It is a surprisingly simple question, but one that I am not accustomed to answering, and I think that I did a poor job in addressing. I basically pointed the guy back to the lifecycle and said "If it's new data, go through this process. If it is existing data, go through this process". Technically sound, but not very helpful. If you are working...

Tags: data, data strewn, surprisingly simple question, legacy systems, process, poor job, challenges, firm, guy

DRM In The Cloud

2008-09-16 07:52:18 by Adrian Lane in Information Centric Security

This is a cross-post from Securosis**I have a well publicized love-hate opinion of Digital Rights Management. DRM can solve some security problems but will fail outright if applied in other areas, most notably consumer media protection. I remain an advocate

Tags: digital rights management, fail outright, drm, remain, solve, cross-post, opinion, securosisi, security

Information Centric Security and Virtualization

2008-07-21 19:00:00 by Adrian Lane in Information Centric Security

With Information Centric Security, you create a virtual container, wrapper or 'universe' for the data and the business rules. You no longer care if some of the infrastructure has been compromised as you may still be able to keep data secure even if it has been copied or vMotion'ed off to some other place outside your control

Tags: information centric security, data, data secure, business rules, virtual container, infrastructure, care, vmotion, wrapper

What's My Motivation?

2008-07-02 07:36:48 by Adrian Lane in Information Centric Security

Or more appropriately, "Why are we talking about ADMP?" In his first post on the future of application and database security, Rich talked about Forces and Assumptions heading us down an evolutionary path towards ADMP. I want to offer a slightly different take on my motivation, or belief, in this strategy

Tags: admp, evolutionary path, database security, motivation, strategy, offer, application, post, appropriately

Adrian Lane joins Securosis!

2008-06-11 21:48:16 by Adrian Lane in Information Centric Security

Believe it or not, I'm going to work with Rich Mogull at Securosis. Worst yet, I'm excited about it

Tags: securosis, rich mogull, worst

DEMIDS and Database Misuse Detection

2008-06-05 07:44:18 by Adrian Lane in Information Centric Security

DEMIDS is an early paper on how to detect errant use of a database. As an overview, the paper describes a system where misuse is detected by the use of a distance function. It attributes a set of tables or database functions as the normal domain of a user, and everything that the user accesses outside of that specified domain has some distance...

Tags: database, distance, database functions, distance factor, misuse, domain, normal domain, tables, user accesses

ICS Example No. 2

2008-06-04 14:13:59 by Adrian Lane in Information Centric Security

I also wanted to discuss a slightly more complex example to illustrate how Information Centric Security can solve other problems

Tags: information centric security, discuss, solve, slightly, complex

Miscellaneous Ramblings on ICS

2008-06-03 11:02:43 by Adrian Lane in Information Centric Security

...Information Centric Security as a model, we worship at slightly different altars of implementation. Some of us view the solution as a virtualized application space, which I believe is manifest of a business processing security perspective. Others view the solution as a packetized encapsulation of data objects, which I believe originates from...

Tags: data, personal data protection, data objects, data policy management, advantage, implementation strategies, perspective, information centric security, implementation

More comments on database security

2008-06-02 19:51:58 by Adrian Lane in Information Centric Security

...security, Assessment forms a full 60% of the overall requirements. The majority of the requirements. My sampling size is about 40 such documents, so I believe this is a large enough number to be meaningful. DAM, encryption, audit and the other items are in the remaining 40%. More still, Monitoring provides critical value on a select number of...

Tags: database security, assessment forms, documents, critical, critical servers, procedure documents, assessment, requirements, meaningful

Database Security Market.

2008-05-27 09:03:53 by Adrian Lane in Information Centric Security

...security industry. Second, I have discovered some hard evidence to support a couple of quiet predictions that I have had for a while. Finally, I find myself unburdened of several responsibilities so I can talk more freely about all of the above. This has all lead me to a new series of posts on this blog that I will be making on the database...

Tags: database security industry, couple, couple indicators, market, hard evidence, quiet predictions, support, lead, lot

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo