Security & Vulnerability Analysis of Wireless Messaging Protocols & Applications
Wireless messaging is now a dynamic ingredient in the communication modes of our life. Many applications over the Internet now use wireless messages to contact the end user. This paper describes the messaging infrastructure and the related protocols used in this scenario. It also presents many ways you can use the wireless networks to talk with your applications. There is also a growing concern over how secure these services are and how they can be compromised, which are described briefly in this presentation.
By Atique Ahmed Khan, 02/21/2005

Systems Security Assessment: A Simple Baseline
This document is intended to provide basic guidelines to systems administrators and engineers with regard to assessing vulnerabilities for two distinct environments. It is not intended to be a complete doctrine or the only solution as the effort to maintain good systems security never ends. Instead, use this paper as a path to a reasonably sound foundation on which to build. This guideline will describe a list of vulnerabilities as they apply to servers, at the physical, OS and infrastructure in any environment.
By Russ McRee, 01/28/2005

Practical Threat Analysis for the Software Industry
This paper describes Practical Threat Analysis (PTA), a calculative threat modeling methodology and a CASE tool that assists software security analysts and software developers in assessing system risks and building the most effective risk reduction policy for their system.
By Ygor Goldberg, 01/10/2005

Security Review of DidTheyReadIt.com
DidTheyReadIt is a new service on the net. It has garnered some attention from the privacy community already: I will deal with some of that later. I would like to examine the actual operations of the service. The discussion surrounding it has been marked by assumptions and lack of knowledge. Some assertions have been made that are at odds with the actual operations. DidTheyReadIt is both less, and more, dangerous than has been made out.
By Rob Slade, 08/24/2004

Implementing a Successful Security Assessment Process
The goal of a security assessment (also known as a security audit or security review) is to ensure that necessary security controls are integrated into the design and implementation of a project. A properly completed security assessment should provide documentation outlining any security gaps between a project design and approved corporate security policies.
By Bradley Hart, 04/29/2004

Facilitating the Qualitative Security Assessment: Overview of the Process of Defining and Delivering
The result of an effective security assessment is that management is in a better position to make informed decisions concerning the delivery of appropriate security controls for their business processes. It is the intent of this paper to provide an overview of how to involve the appropriate decision makers and the solution providers in the delivery of cost-effective security controls for application systems. The primary beneficiary of this overview is the individual who is charged with facilitating the security assessment process.
By Mike Kleckner, 04/23/2004

Defining a Risk Assessment Process for Federal Security Personnel
One goal of this paper is to provide general guidance on security resources for federal information system security officers within a federal agency. Another goal is to provide a basic template or outline for preparing to conduct a risk assessment as part of the agency's electronic and physical systems accreditation and certification process as required by Office of Management and Budget (OMB) Circular No. A-130, Appendix III, the Computer Act of 1987, and other federal mandates.
04/03/2004

Case Study: Security Assessment at a Small Technology Corporation
Our company has developed a Trusted Space for client-server and Web-enabled applications, allowing businesses to safely access and exchange confidential information electronically through the Internet. As we continue to develop products and services on our internal networks, and our suite of Internet Trust Services helps businesses confidently and securely move key business functions online, the security and confidentiality demands must be adequate. Our in-house IT security team, relying heavily on our past experiences and knowledge, performed an independent security assessment. Even though the people on the assessment team were all internal employees, the review was able to remain independent because of the team's limited knowledge of the internal configuration; the team was made up of recently hired individuals. The assessment included the areas of its ASP, internal network infrastructure, and firewalls.
04/03/2004

Application of the Survivable Network Analysis Method to Secure My Office System
I will present the results of applying the Survivable Network Analysis method to my office system. A brief overview of the method will be presented followed by a detailed description of the method. The method consists of four basic steps which will be explained. I will show how to implement these steps and the results obtained in the application of this method to securing my system. The final results of the analysis will be presented which show that this method can produce a survivable Windows 98 machine, Sun machine and a disk array. I wanted to perform a risk assessment on my office environment. I also wanted to plan and implement new features to my existing configuration. The Survivable Network Analysis (SNA) method was chosen. This method was used because it is capable of doing both assessments. I also chose this method because security is an integral part of each step.
04/03/2004

Full Lifecycle Security Assessment - A Case Study
A security assessment is the first step to security awareness. Often a company knows that they are not secure simply because they have not taken proactive steps to address it. However, they have no idea what makes them insecure. Having a qualified security consultant or firm come in to perform a complete security assessment (which is more than is addressed in this paper, with topics such as physical security, mobile security, and much more) should be done before any money is spent on hardware or software. This assessment should give you the roadmap for where and what to spend money on, and in what order.
04/03/2004