This week, we made some pretty good progress toward formalizing the conceptual threat modeling work at OMG: OMG SysA Meeting On Wednesday the team presented the result of the last 3 months of work on the conceptual threat model (please…
Tag: cyber security
There are a lot of organizational Tactics, Techniques, and Procedures (TTPs) in Counterintelligence (CI) that can inform more efficient Defensive Cyber Operations (DCO) or more generally Computer Network Defense (CND) 1 processes and strategies. While the mapping is not perfect,…
Here is some progress we made recently as part of the OMG threat modeling working group: in order to guide the development of the threat meta mode, we have agreed to scope the work by looking into defining specific use…
We had a number of successful meetings after the OMG Technical Meeting in December, culminating in a Kick-Off Meeting on Jan 6, 2014. At that meeting, we reviewed the current status of the project, and received great guidance and support…
At the OMG Technical Meeting in Santa Clara, CA today I presented some thoughts on creating a comprehensive model for describing information security threats. My session was hosted by the System Assurance Task Force as part of their charter to…
Right now, I am looking into alternative multi-factor authentication solutions. There are the obvious contenders such as SecureID or smartcards, but they tend to be on the pricy side, especially if want to use them for your blog, your home…
Starting with the new year, I am working with Demandware as their new Chief Security Officer. In this role I will be responsible for developing and implementing a comprehensive corporate information security governance and management framework, covering all aspects of security…
Peter and Anil recently made a very important point why attributes cannot be assigned “assurance” levels akin to authentication decisions. Instead, they suggested that attributes and their sources may be assigned “confidence scores” that may allow a service provider to…
Anil talks about LoA for attributes in response to some of the discussion at the recent IDTrust at NIST. This discussion came up a couple of times before, and I seem to recall talking about this: In the bigger picture…
Fresh from my router. Maybe I am paranoid, but this has all the hallmarks of reconnaissance written all over … 2012 Mar 1 02:25:53 [Gateway] [kernel] WAN2DMZ[DROP] IN=WAN OUT=WAN SRC=115.168.71.84 DST=192.168.1.248 PROTO=UDP SPT=5060 DPT=5060 2012 Feb 27 16:40:39 [Gateway] [kernel] WAN2DMZ[ACCEPT]…