SEARCH RESULTS
 
Showing 1-10 of 329 records
 
What is a Wise Risk Decision Worth? or ISO 27001 KPIs Follow Up

2008-12-03 15:47:11 by Alex in RiskAnalys.is
 
...simply metrics mapped to the ISO (i.e. the ISO isn't a pre-requisite for generating this information). They are not KPIs that express the value of ISO implementation. Problem is the metrics created here still require some level of translation in order to create some value statement that data owners can understand. As Myrcurial twittered me...
 
 
 
 
 
Supporting your family, friends, and neighbors

2008-02-13 17:45:40 by Steve Riley in Steve Riley on Security
 
...simply no excuse for running a PC connected to the Internet without a firewall. Computers running anything older than Windows XP SP2 should be upgraded immediately, and this is again where you can help. Visit your FFN and ensure that everyone has installed the service pack. Make a habit of ensuring that the automatic update client is running...
 
 
 
 
 
Myth vs. reality: Wireless SSIDs

2007-10-16 07:08:58 by Steve Riley in Steve Riley on Security
 
...simply capture the hundreds of association frames or probes that litter your air. No amount of "hiding" configured in your access points can prevent this kind of traffic interception. So there you have it, simple SSID discovery. The old axiom remains true: security by obscurity is no security at all. Hiding an SSID will not hide a wireless...
 
 
 
 
 
Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...simply don't exist in a meaningful way. You can't measure configuration management in your design phase, for example. Rather than just being destructive, here is my modified group of metrics. Unvalidated Input: I actually like the metric from the paper. Measuring input validation schemes against the percent of input they cover is a pretty good...
 
 
 
 
 
Is Microsoft's SDL Working?

2008-05-16 11:05:09 by Burton Group in Security and Risk Management Strategies Blog
 
...simply compare the number of public vulnerabilities disclosed for products prior to SDL with similar products developed after SDL. The most recent case was comparing Windows XP SP2 to Vista vulnerabilities in the first year. The count is down and Microsoft provides a quick and easy example of the logical fallacy post hoc ergo propter hoc...
 
 
 
 
 
Is Microsoft's SDL Working?

2008-05-16 11:05:09 by Burton Group in Security and Risk Management Strategies Blog
 
...simply compare the number of public vulnerabilities disclosed for products prior to SDL with similar products developed after SDL. The most recent case was comparing Windows XP SP2 to Vista vulnerabilities in the first year. The count is down and Microsoft provides a quick and easy example of the logical fallacy "post hoc ergo propter...
 
 
 
 
 
Complex Events are Composed of Objects Defined by States

2008-07-15 06:17:30 by Tim Bass in The Complex Event Processing Blog
 
...simply object-states. Complex events are generally composed of objects and the state of the complex event is defined by the objects in the complex event determined by the states of the components of the objects in the model. Another way to view this key point is that CEP is characterised as predicting outcomes (states) based on the relationship...
 
 
 
 
 
Modelling Situations for Event Processing

2008-07-15 05:04:21 by Tim Bass in The Complex Event Processing Blog
 
...simply say that CEP is about the real-time situation detection. We represent situations in the domain of event processing by building and refining models of situations. This means that one way to develop CEP applications or designing CEP architectures is to define situations of interest and build models that define the situation. After we have...
 
 
 
 
 
The Magical ATM Card and SMS Message in Thailand

2008-08-03 13:30:52 by Tim Bass in The Complex Event Processing Blog
 
...simply walk up to an ATM machine and pay a mobile phone bill, purchase mutual funds, buy insurance, or transact an ever-growing list of services payable at the modern and sleek K-Bank ATM. For example, tomorrow I fly to Chiang Mai in Northern Thailand and found K-Bank's service amazingly better than in the US. For example, I booked my flight as...
 
 
 
 
 