This week, we made some pretty good progress toward formalizing the conceptual threat modeling work at OMG: OMG SysA Meeting On Wednesday the team presented the result of the last 3 months of work on the conceptual threat model (please…
Category: Security
There are a lot of organizational Tactics, Techniques, and Procedures (TTPs) in Counterintelligence (CI) that can inform more efficient Defensive Cyber Operations (DCO) or more generally Computer Network Defense (CND) 1 processes and strategies. While the mapping is not perfect,…
Here is some progress we made recently as part of the OMG threat modeling working group: in order to guide the development of the threat meta mode, we have agreed to scope the work by looking into defining specific use…
We had a number of successful meetings after the OMG Technical Meeting in December, culminating in a Kick-Off Meeting on Jan 6, 2014. At that meeting, we reviewed the current status of the project, and received great guidance and support…
At the OMG Technical Meeting in Santa Clara, CA today I presented some thoughts on creating a comprehensive model for describing information security threats. My session was hosted by the System Assurance Task Force as part of their charter to…
Yahoo has started a program where users may request to have existing account and email names transferred to them. If a requested account has not been in use for an extended period of time, Yahoo will transfer this account to…
Right now, I am looking into alternative multi-factor authentication solutions. There are the obvious contenders such as SecureID or smartcards, but they tend to be on the pricy side, especially if want to use them for your blog, your home…
Peter and Anil recently made a very important point why attributes cannot be assigned “assurance” levels akin to authentication decisions. Instead, they suggested that attributes and their sources may be assigned “confidence scores” that may allow a service provider to…
Anil talks about LoA for attributes in response to some of the discussion at the recent IDTrust at NIST. This discussion came up a couple of times before, and I seem to recall talking about this: In the bigger picture…
Fresh from my router. Maybe I am paranoid, but this has all the hallmarks of reconnaissance written all over … 2012 Mar 1 02:25:53 [Gateway] [kernel] WAN2DMZ[DROP] IN=WAN OUT=WAN SRC=115.168.71.84 DST=192.168.1.248 PROTO=UDP SPT=5060 DPT=5060 2012 Feb 27 16:40:39 [Gateway] [kernel] WAN2DMZ[ACCEPT]…