February | 2012 | Software Associates.

Debugging security

Posted in: Risk management, Risk mitigation|Tags: DLP, Information security, internal audit, Security engineering, security management|By: Danny Lieberman|February 8, 2012No Comments

There is an interesting analogy between between debugging software and debugging the security of your systems. As Brian W. Kernighan and Rob Pike wrote in “The Practice of Programming“ As personal choice, we tend not to use debuggers beyond getting a stack trace or the value of a variable or two. One reason is that it is …

Encryption, a buzzword, not a silver bullet

Posted in: Information security, PCI DSS, Risk mitigation|Tags: Application security, data security, data security breaches, Encryption|By: Danny Lieberman|February 5, 20121 Comment

Encryption, buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider 4 encryption components on the server side: passwords, tables, partitions and inter-tier socket communications. In these 4 components of a application / database server encryption policy, note that some countermeasures are …

Treat passwords like cash

Posted in: Physical security, Risk Assessment, Risk management|Tags: Default passwords, Weak passwords|By: Danny Lieberman|February 5, 2012No Comments

How much personal technology do you carry around when you travel? Do you use one of those carry-on bags with your notebook computer on top of the carry-on? A friend who is a commercial pilot had his bag swiped literally behind his back while waiting on line to check-in to a 4 star Paris hotel. …

Archives

Debugging security

Encryption, a buzzword, not a silver bullet

Treat passwords like cash