Displaying 1-12 out of 12 total
Service-Oriented Security Indications for Use
Found in: IEEE Security and Privacy
By Gunnar Peterson
Issue Date: March 2009
pp. 91-93
This installment of Building Security In examines why information security has failed in the enterprise and describes directions toward a services-based security model.
 
Metricon 2.0
Found in: IEEE Security and Privacy
By John Steven, Gunnar Peterson
Issue Date: November 2007
pp. 81-83
The authors look at the recent Metricon 2.0 conference and discuss its highlights. In particular, the conference focused on the importance of metrics, especially as they apply to security.
 
Directions in Incident Detection and Response
Found in: IEEE Security and Privacy
By Richard Bejtlich, John Steven, Gunnar Peterson
Issue Date: January 2011
pp. 91-92
Richard Bejtlich leads a conversation on how incident detection and response (IDR) teams' focus on detecting and preventing attacks has moved from targeting OSs to unauthorized-access-application functionality and data. He discusses why this makes IDR so m...
 
Don't Trust. And Verify: A Security Architecture Stack for the Cloud
Found in: IEEE Security and Privacy
By Gunnar Peterson
Issue Date: September 2010
pp. 83-86
Cloud computing requires a new security model. One promising model employs technology
 
10 Quick, Dirty, and Cheap Things to Improve Enterprise Security
Found in: IEEE Security and Privacy
By James McGovern, Gunnar Peterson
Issue Date: March 2010
pp. 83-85
These tips can help you cheaply build some security into your enterprise.
 
A Metrics Framework to Drive Application Security Improvement
Found in: IEEE Security and Privacy
By Elizabeth A. Nichols, Gunnar Peterson
Issue Date: March 2007
pp. 88-91
This installment of Building Security In presents metrics that can help quantify the impact that process changes in one life-cycle phase have on other phases.
 
Introduction to Identity Management Risk Metrics
Found in: IEEE Security and Privacy
By Gunnar Peterson
Issue Date: July 2006
pp. 88-91
In this installment of Building Security In, the author presents some identity management risk metrics that highlight the distribution, quality, affiliation, and governance of identity in a system as well as inform the decision-making process.
 
How to Do Application Logging Right
Found in: IEEE Security and Privacy
By Anton Chuvakin, Gunnar Peterson
Issue Date: July 2010
pp. 82-85
As threats shift toward applications and as more companies struggle with compliance mandates and the limitation of protection technologies such as access control, the need for useful, comprehensive application logging can only increase. This article provid...
 
Software Assumptions Lead to Preventable Errors
Found in: IEEE Security and Privacy
By Andy Steingruebl, Gunnar Peterson
Issue Date: July 2009
pp. 84-87
Undocumented assumptions are often the cause of serious software system failure. Thus, to reduce such failures, developers must become better at discovering and documenting their assumptions. In this article, we focus on common categories of assumptions in...
 
Logging in the Age of Web Services
Found in: IEEE Security and Privacy
By Anton Chuvakin, Gunnar Peterson
Issue Date: May 2009
pp. 82-85
In today's age of Web applications connected via Web services, accountability has become both crucial and harder to achieve. The management of authentication, authorization, and accountability in these applications is therefore a very important and difficu...
 
Defining Misuse within the Development Process
Found in: IEEE Security and Privacy
By Gunnar Peterson, John Steven
Issue Date: November 2006
pp. 81-84
The software development industry often brings in security at the eleventh hour, right before developers throw the code over the wall--that is, deploy it into production--and ask,
 
The economics of finding and fixing vulnerabilities in distributed systems
Found in: Proceedings of the 4th ACM workshop on Quality of protection (QoP '08)
By Gunnar Peterson
Issue Date: October 2008
pp. 1-2
Robert Morris Sr. has noted that "security and especially cryptography are essentially economic issues." This talk describes the tradeoff analysis that occurs on a daily basis in enterprise information security and software development groups: what bugs an...
     