Blogs about: Threat Modeling

Featured Blog

AVSIM: Real world example of the value of offsite backups

Tom Olzak wrote 1 month ago: The owners of AVSIM, an important resource for Microsoft Flight Simulator users, worked for 13 years … more →

Tags: Backup, Disaster Recovery, hacking, business continuity, Cybercrime, intrusion, Security

Wobbly Security Frameworks are Often Fixed by Turning a Few Screws (1 comment)

Tom Olzak wrote 1 month ago: As security management becomes more integrated into business processes, it’s commonly seen as closel … more →

Tags: Risk Management, Security Management, Ephi, PCI DSS, Pii, Risk

Fear, Trust, and Desire: Fertile ground for social engineers (1 comment)

Tom Olzak wrote 2 months ago: According to the recently released Microsoft Security Intelligence Report (2H2008), social engineeri … more →

Tags: business continuity, Content Filtering, Cybercrime, data security, HIPAA, network security, PCI DSS, Risk Management, attack tree

Conficker: Unpreparedness was the problem, not the messenger (4 comments)

Tom Olzak wrote 3 months ago: As usual, finger-pointing about what is beginning to be seen as Conficker FUD is increasing.  Unders … more →

Tags: Cybercrime, Risk Management, hacking, Risk, attack tree, Conficker, malware

Compliance requires people supported technical solutions

Tom Olzak wrote 3 months ago: Although I agree that reliance on human behavior is not a good way to ensure information security po … more →

Tags: Cybercrime, business continuity, data security, Risk Management, hacking, Security, Risk, breach, Extrusión

You Just Have to Run Faster than the Bear

Tom Olzak wrote 3 months ago: For years, large businesses have spent millions to improve information security.  Much of this expen … more →

Tags: Cybercrime, business continuity, data security, Risk Management, hacking, Security, SMB, breach, Extrusión

Browsers are not security controls

Tom Olzak wrote 3 months ago: Major Internet browsers were shown to be hackable this week at CanSecWest.  This isn’t really … more →

Tags: firefox, Cybercrime, data security, Risk Management, Internet Explorer, Safari, Security, Risk, breach

Is Comcast Pulling Wool?

Tom Olzak wrote 3 months ago: Reports of data breaches aren’t uncommon.  And explanations are typically slow in coming, but … more →

Tags: Insider Risk, business continuity, data security, Risk Management, Security, Cybercrime, Insider Threat, breach, attack tree

Risk Mitigation Drives Breach Prevention Costs (1 comment)

Tom Olzak wrote 3 months ago: What do you tell your boss when you try to get additional—or any—breach control dollars into the IS … more →

Tags: Cybercrime, business continuity, data security, Risk Management, Security, Insider Threat, Risk, breach, attack tree

What is Threat Modeling?

Vinod wrote 4 months ago: What is Threat Modeling? Threat modeling is an engineering technique you can use to help you identi … more →

Tags: Manual Testing

CISG Team Blog (2 comments)

mcurphey wrote 10 months ago: The CISG Team Blog is now operational. We are initially blogging about things we are doing with Anti … more →

Tags: Security Blogs, Software development, software security, Web Security, Information Security Economics, Security Platforms, Microsoft, Working at Microsoft, CISG

Application Security Development Lifecycle 5A: Is Threat Modeling Right For You? (1 comment)

akshay aggarwal wrote 1 year ago: Several enterprises are increasingly investing time and money in building application security tasks … more →

Tags: Application Security, Business, governance, SDLC, Security, SDL

Raffaele Rialdi on Threat Modelling

mcurphey wrote 1 year ago: There is a nice video on the Virtual TechEd site here of RR, a Security Developer MVP. Raffaele Ria … more →

Tags: ACE Team, Information Security Economics, Security industry, Web Security, Working at Microsoft

Locks Are to Keep the Honest People Out (1 comment)

Andy wrote 1 year ago: The latest DevCares, from my perspective, was an appropriate deep dive after Tuesday’s MSDN E … more →

Tags: Cincinnati IT Community, DevCares, msdn, OWASP, Cincinnati, IT Community, andy erickson, Consulting, MSDN event

Reducing the Cost of Software Regression

Derek Callaway wrote 1 year ago: A widely held notion among computer scientists is that 80% of a programmer’s time is occupied … more →

Tags: Software Assurance, Digital Security, Systems Theory, Misceallaneous, Author: Derek Callaway, Regression Testing, Unified Process, UML, Patches

Generating a Security Code Review Checklist in Outlook 2007 (2 comments)

mcurphey wrote 1 year ago: My colleague and legendary Hummus eater Alik Levin (that’s my plate at lunchtime today but rum … more →

Tags: Security Blogs, Software development, software security, Web Security, Information Security Economics, Microsoft, ACE Team

From the Office of "Real World Software Security" (16 comments)

mcurphey wrote 1 year ago: When a customer development team was recently asked to use the AntiXSS library, validate input and e … more →

Tags: Software development, Security industry, software security, Web Security

Security Policies in the Application Development Process

mcurphey wrote 1 year ago: New article from John Steer on my team Security Policies in the Application Development Process … more →

Tags: Software development, software security, Web Security, Microsoft, ACE Team

IEEE Threat Modelling (3 comments)

mcurphey wrote 1 year ago: This paper from IEEE describes how Ford Motor Company use the Threat and Application Modelling tool … more →

Tags: ACE Team, Information Security, visualization, Web Security

