IT is about executing predictable business processes. Security is about reducing the impact of unpredictable attacks to your organization. IT and security adopt a common goal and a common language – a language of customer-centric threat modelling. Typically, when a company (business unit, department or manager) needs a line of business software application, IT …
I think it’s only a question of time before we have a drive-by execution of a politician with an ICD (implanted cardiac device). I’ve been talking to our medical device customers about mobile security of implanted devices for over a year now. I gave a talk about mobile medical device security at the Logtel …
If you’re an information security and compliance analyst, we have an offer that cannot be beat. Get PTA (Practical Threat Analysis) Professional software from our colleagues at Practical Threat Analysis Technologies totally free for one year. After the year is up, just drop them an email, and you’ll get a free license renewal. When you …
The distribution of video over multicast-broadcast networks and content storage by users with Windows PCs and PVRs has created a huge threat surface for digital content. Typical of flawed security countermeasures, HDCP and AACS exacerbate and enlarge the threat surface rather than enhance revenues and reduce risk. In this article we will show that …
I first heard the idea about hedging risk against actual future disasters (man-made or natural) around the time of Hurricane Katrina. The essay below by professor Avinash Persaud considers the creation of a terrorism futures market. The ideas are particularly timely in the context of the unrest in Libya and the uptick in oil prices. Right …
Hot spots for medical device software security
I think that 2011 is going to be an exciting year for medical device security as the FDA gets more involved in the approval and clearance process with software-intensive medical device vendors. Considering how much data is exchanged between medical devices and customer service centers/care givers/primary clinical care teams and …
Here are 7 steps to protecting your small business’s data and intellectual property in 2011 in the era of the Obama Presidency and rising government regulation. Some of these steps are about not drinking consultant Kool-Aid (like Step # 1 - Do not be tempted into an expensive business process mapping project) and others are adopting best practices …
Several factors combine to make data security in the cloud a challenge. Web applications have fundamental vulnerabilities. HTTP is the cloud protocol of choice for everything from file backup in the cloud to sales force management in the cloud. HTTP and HTML evolved from a protocol for static file delivery to a protocol for 2 …
A conversation with a client this morning revolved around software development tool alternatives in an environment of Web Socket. "Why not use Flash on the client and AMF on the server side?" the client asked. I hesitated for a moment and answered – because Adobe is proprietary and closed source and the only developers looking …
In my article – “How to assess risk – Part I: Asking the right questions”, I talked about using attack modeling as a tool to collect data instead of using self-assessment checklists. In this article, I’ll drill down into some of the details and provide some guidelines on how to actually use attack modeling …