SEARCH RESULTS
 
Showing 1-10 of 43 records
 
Expand article

Common Criteria and answering the question 'Is it Safe'

2007-12-20 16:57:00 by sdl in The Security Development Lifecycle
 
...scenarios such as smart cards, but much less good in scenarios with larger scale/complex software.) If CC aspires to truly meet customer needs to answer the question Is it Safe? then CC needs to consider the real world evidence in terms of vulnerability rates found in CC evaluation products to discover it is currently failing to meet customer...
 
Tags: criteria, fails, common criteria fails, common criteria, common criteria arguably, common, arguably, arguably deficient, security
 
 
 
 
Expand article

The New Threat Modeling Process

The Article has images
2007-10-02 01:15:35 by sdl in The Security Development Lifecycle
...scenarios and use cases to help frame your threat modeling. What are the security aspects of your scenarios? What do your personas expect or hope doesnt happen? What are the security goals of the system youre building, and how do those interact with the system as it stands Model : The basic idea is to create a diagram of your software,...
 
Tags: process, threat, process validation entails, threat model, software process diagram, people, people trust boundaries, love threat, hamster wheel
 
 
 
 
Expand article

Ethics of Autonomous Military Robots

2008-01-28 07:12:35 by schneier in Schneier on Security
 
...scenarios to design and construct an autonomous robotic system architecture capable of the ethical use of lethal force. These first steps toward that goal are very preliminary and subject to major revision, but at the very least they can be viewed as the beginnings of an ethical robotic warfighter. The primary goal remains to enforce the...
 
Tags: ethical, ethical constraint set, ethical robotic warfighter, ethics, ethical boundaries, international protocols, war tradition subscribes, war, international
 
 
 
 
Expand article

Disk encryption not enough?

2008-02-21 17:14:00 by Manu Namboodiri in Data Protection, Management and Leakage
 
...scenarios such as TPM+Pin How easy is it to scan the RAM on a locked system There was another article recently in eWeek that talked about FDE not being sufficient protection. I personally think that we need defense against multiple scenarios - not sure if the defense-in-depth term can be used, but seems to fit the best Looking forward to...
 
Tags: bit, disk encryption, bit worrisome, article recently, article, sufficient protection, bitlocker, multiple scenarios, tpm chip
 
 
 
 
Expand article

The importance of business skills

The Article has images
2007-04-27 07:23:30 by RaviC in Musings on Information Security
...scenarios [scenarios aka experential knowledge 2. Skills and Certifications. Moreover, less time required to acquire new skills 3. Competency. [Translates to lower probability of making mistakes and higher probability of doing it right The above are measures of security professional to meet the expectations of the job and does not help in...
 
Tags: information security professionals, information security, bad, handle bad events, business, predictprevent bad events, track information security, skills, institute control measures
 
 
 
 
Expand article

IT Risk Management

2008-03-28 13:09:26 by Marc Othersen in Security & Risk Management
 
...scenarios linking risks and controls, and establish a common risk language to clearly communicate with business leaders In order for the framework to have a solid risk-based foundation we will be using many of the principles of COSO. In particular, the framework will be based on event identification, risk assessment, risk response, and...
 
Tags: risk management, risk, risk management framework, risk events, major risk, risk assessment, key risk indicators, framework, risk response
 
 
 
 
Expand article

Communicating about risk - part 1

The Article has images
2008-05-05 18:12:14 by JonesJ in RiskAnalys.is
...scenarios I can live with this Lets say that youve done an analysis and the results look something like whats shown in the charts below (Ive included both a qualitative and a quantitative version At first glance, a decision maker might think This doesnt look so bad. I can live with this level of risk . But thats not necessarily the whole...
 
Tags: risk, effective, cost-effective risk management, fragile condition exists, condition, unstable condition, risk qualifiers, risk condition, risk chart perspective
 
 
 
 
Expand article

Doomsday!?

2007-01-30 01:37:00 by Jomni in Risk Management Quant
 
We've been hearing about several doomsday scenarios . The most relevant one we're hearing nowadays is Climate Change . But there are also people who speak about Financial Disaster and sites like Financial Armageddon is an example. Their concerns are plausible and worth thinking about Tags: books capital markets finance risk management
 
Tags: financial armageddon, doomsday scenarios, financial disaster, sites, change, worth, nowadays, relevant, tags
 
 
 
 
Expand article

An Option with a Negative Value?

2006-07-28 08:38:00 by Jomni in Risk Management Quant
 
...scenarios using the Black-Scholes and Binomial methods and the least value of an option is zero ("worthless But it is possible for an option position (note that I'm talking about an option position) to have a negative value when doing mark-to-market valuation . Marking-to-market is getting the close out (unwind) value of the position. And it...
 
Tags: option, negative option, option seller, option writer sells, option buyer, option position, negative, position, writer
 
 
 
 
Expand article

Top infosec risks for 2008

2007-12-30 16:07:53 by Editor in Security Links
 
From CISSP forum We have completed and published our collaborative white paper listing the top information security threats, vulnerabilities and impacts, along with some risk scenarios and controls, as we head towards the new year http://www.iso27001 security. com/Top informat ion security risks for 2008.pdf
 
Tags: collaborative white paper, iso27001 security, cissp forum, risk scenarios, head, pdf, impacts, vulnerabilities, controls