31.03.2009

Stuff for the thesis, unsorted

"Space Invaders Security", 07.06.2007, Security und Security-Management (Kristian Köhntopp), http://blog.koehntopp.de/uploads/security_management_berlin.pdf
(memory transcript: http://mysqldump.azundris.com/archives/49-Security-and-the-real-world.html )

"Sacrificing Minions - is there any problem it can't solve?" Xykon, Order of the Stick
(Reference to the differences between safety / physical security and information security. Transition to Space Invaders)

Portfolio analysis

Scenario techniques

http://en.wikipedia.org/wiki/Black_swan_theory



29.03.2009

Quote for the thesis

Dan Borge's definition of risk management:
"the purpose of risk management is to change the future, not to explain the past."
(Dan Geer, Wed 25.03.2009, securitymetrics.org mailing list)



17.03.2009

News from ISO (599 - 603)

Not such a big batch of standard versions this time.
(And, as usual, with a few days' delay on my part. Anyway.)

For Study&Comment:
1st WD ISO 18033-4 "Encryption algorithms – Part 4: Stream ciphers"


For Information&Vote:
FDIS ISO 24761 "Authentication context for biometrics"
FDIS ISO 27000 (German) "Überblick und Terminologie" (translation into German by the BSI)



25.02.2009

News from ISO (590 - 598)

The forwarding got stuck once again, and then it was Carnival, etc.
DIN announcements 590 - 598 contained the following batch:

For Study&Comment:
4th WD ISO 24745 "Biometric template protection"
6th WD ISO 24760 "A framework for identity management"
3rd WD ISO 27031 "Guidelines for ICT readiness for business continuity"
2nd WD ISO 27032 "Guidelines for cybersecurity"
3rd WD ISO 27034-1 "Application security - Part 1: Overview and concepts"
3rd WD ISO 29101 "Privacy reference architecture"
4th WD ISO 29115 "Entity authentication assurance"
3rd WD ISO 29128 "Verification of cryptographic protocols"
2nd WD ISO 29150 "Signcryption"


For final information:
FDIS ISO 27000 "Overview and vocabulary" (publication is expected in May)


In addition, the draft of the ASIS standard "Business Continuity Management: Requirements with Guidance for Use" was distributed for general information.



22.01.2009

News from ISO (590)

And straight away a new announcement (no. 590)

For Study&Comment:
Proposed Draft Amendment ISO/IEC 9798-3:1998/PDAM 1 "Entity authentication - Part 3 : Mechanisms using digital signature techniques - Amendment 1"
Final Proposed Draft Amendment ISO/IEC 18033-4:2005/FPDAM (2nd) "Encryption algorithms – Part 4: Stream ciphers - Amendment 1"

1st WD of NWIP "Lightweight cryptography"
1st WD ISO/IEC 9796-2 "Digital signature schemes giving message recovery — Part 2: Integer factorization based mechanisms"
3rd WD ISO/IEC 9797-3 "Message authentication codes - Part 3: Mechanisms using a universal hash-function"
1st WD ISO/IEC 11770-5 "Key management - Part 5: Group key management"
1st WD ISO/IEC 18031 "Random bit generation"
2nd WD ISO/IEC 29147 "Responsible vulnerability disclosure"
2nd WD ISO/IEC TR 29149 "Best practice on the provision of time-stamping services"


For Information&Vote:
1st CD ISO/IEC 9798-1 "Entity authentication - Part 1: General"
1st CD ISO/IEC 27035 (revision of TR 18044) "Information security incident management"
FCD ISO/IEC 18014-3 "Time-stamping services - Part 3: Mechanisms producing linked tokens"
FCD ISO/IEC 27033-1 (revision) "Network security -- Part 1: Guidelines for network security"
FDIS ISO/IEC 13888-1 "Non-repudiation – Part 1: General"


