Lost your password?

Blogs about: Threat Modeling

Featured Blog

Interesting Stats: B2B Threats

From Dark Reading's "Inside Out: Protecting your Partnerships--and Your Data… more →

Tom Olzak on Security

Microsoft Security Sites

SRF wrote 1 month ago: ESP: Nadie puede negar el esfuerzo que dedica Microsoft a la seguridad aunque haya gente que no lo a … more →

Tags: Microsoft, SDL, Security

Interesting Stats: B2B Threats

Tom Olzak wrote 3 months ago: From Dark Reading's "Inside Out: Protecting your Partnerships--and Your Data … more →

Tags: access controls, business continuity, Cloud Computing, data security, Policies and Processes, Risk Management, B2B, Insider Threat, malware

Pragmatic Threat Modeling

pinvoke wrote 3 months ago: Lately I have been doing training around the Microsoft prescribed threat modeling practice.  Today, … more →

Tags: dfd, Microsoft, microsoft SDL, Mitigation, Pragmatic, Process, Risk, SDL, Security

Blame the auditors: What a concept!1 comment

Tom Olzak wrote 4 months ago: I have never thought of this.  After a breach, just blame the auditors.  Wait.  The reason I hadn’t … more →

Tags: business continuity, data security, network security, PCI DSS, Risk Management, Security Management, breach, Ephi, HIPAA

AVSIM: Real world example of the value of offsite backups

Tom Olzak wrote 7 months ago: The owners of AVSIM, an important resource for Microsoft Flight Simulator users, worked for 13 years … more →

Tags: Disaster Recovery, Backup, hacking, Security, Cybercrime, intrusion, business continuity

Wobbly Security Frameworks are Often Fixed by Turning a Few Screws1 comment

Tom Olzak wrote 7 months ago: As security management becomes more integrated into business processes, it’s commonly seen as closel … more →

Tags: Risk Management, Security Management, Risk, PCI DSS, Pii, Ephi

Fear, Trust, and Desire: Fertile ground for social engineers1 comment

Tom Olzak wrote 8 months ago: According to the recently released Microsoft Security Intelligence Report (2H2008), social engineeri … more →

Tags: Cybercrime, business continuity, data security, Risk Management, PCI DSS, network security, Content Filtering, HIPAA, Security

Conficker: Unpreparedness was the problem, not the messenger4 comments

Tom Olzak wrote 9 months ago: As usual, finger-pointing about what is beginning to be seen as Conficker FUD is increasing.  Unders … more →

Tags: Cybercrime, Risk Management, hacking, Risk, attack tree, Conficker, malware

Compliance requires people supported technical solutions

Tom Olzak wrote 9 months ago: Although I agree that reliance on human behavior is not a good way to ensure information security po … more →

Tags: Cybercrime, business continuity, data security, Risk Management, hacking, Security, Risk, breach, Extrusión

You Just Have to Run Faster than the Bear

Tom Olzak wrote 9 months ago: For years, large businesses have spent millions to improve information security.  Much of this expen … more →

Tags: Cybercrime, business continuity, data security, Risk Management, hacking, Security, SMB, breach, Extrusión

Browsers are not security controls

Tom Olzak wrote 9 months ago: Major Internet browsers were shown to be hackable this week at CanSecWest.  This isn’t really … more →

Tags: firefox, Cybercrime, data security, Risk Management, Internet Explorer, Safari, Security, Risk, breach

Is Comcast Pulling Wool?

Tom Olzak wrote 9 months ago: Reports of data breaches aren’t uncommon.  And explanations are typically slow in coming, but … more →

Tags: Insider Risk, business continuity, data security, Risk Management, Security, Cybercrime, Insider Threat, breach, attack tree

Risk Mitigation Drives Breach Prevention Costs1 comment

Tom Olzak wrote 9 months ago: What do you tell your boss when you try to get additional—or any—breach control dollars into the IS … more →

Tags: Cybercrime, business continuity, data security, Risk Management, Security, Insider Threat, Risk, breach, attack tree

What is Threat Modeling?

Vinod wrote 10 months ago: What is Threat Modeling? Threat modeling is an engineering technique you can use to help you identif … more →

Tags: Manual Testing

CISG Team Blog2 comments

mcurphey wrote 1 year ago: The CISG Team Blog is now operational. We are initially blogging about things we are doing with Anti … more →

Tags: Security Blogs, Software development, software security, Web Security, Information Security Economics, Security Platforms, Microsoft, Working at Microsoft, CISG

Application Security Development Lifecycle 5A: Is Threat Modeling Right For You?1 comment

akshay aggarwal wrote 1 year ago: Several enterprises are increasingly investing time and money in building application security tasks … more →

Tags: Application Security, Business, governance, SDLC, Security, SDL

Raffaele Rialdi on Threat Modelling

mcurphey wrote 1 year ago: There is a nice video on the Virtual TechEd site here of RR, a Security Developer MVP. Raffaele Rial … more →

Tags: Security industry, Web Security, Information Security Economics, ACE Team, Working at Microsoft

Locks Are to Keep the Honest People Out1 comment

Andy wrote 1 year ago: The latest DevCares, from my perspective, was an appropriate deep dive after Tuesday’s MSDN Ev … more →

Tags: OWASP, Cincinnati IT Community, msdn, DevCares, Cincinnati, IT Community, andy erickson, Consulting, MSDN event

Reducing the Cost of Software Regression

Derek Callaway wrote 1 year ago: A widely held notion among computer scientists is that 80% of a programmer’s time is occupied … more →

Tags: Software Assurance, Digital Security, Systems Theory, Misceallaneous, Author: Derek Callaway, Regression Testing, Unified Process, UML, Patches


Related Tags
All →

Follow this tag via RSS