Collaborate Disseminate
I recently stayed at a hotel where outbound SSH traffic (and seemingly only SSH traffic) was blocked on the guest WiFi network, and I’m trying to figure out what security-based rationale they might have had for this policy. Unfortunately, … Continue reading What would be the security rationale for a hotel blocking only SSH traffic?
Is Cyber Threat Intelligence included (or can it be included/ fall under the umbrella of) in first two domains (namely "Security and Risk Management" and "Asset Security") of CISSP?
Continue reading Can first two domains of CISSP include Cyber Threat Intelligence?
Please see the image below which represents an algebraic definition of the Dolev Yao Closure. From reading around, it appears this is BAN logic and that the lines mean "If you believe the above statement is true, then you must believe… Continue reading How should I interpret this definition of the Dolev Yao Closure?
I m doing a Risk analysis according to an information security risk management guideline and in the risk assessement table there was a column called "initial Likelihood of risk scenario".
What is the difference between the likeli… Continue reading What is meant with "initial" in Initial Likelihood of risk scenario?
I am woking on a project where I need to build a blueprint security model for a proxy that should mediate and handle communication between two computers. Because this is a first for me, I don’t have a lot information about "security m… Continue reading How do you build a good security model for a proxy?
I have recently started creating an online Tetris type of game, and I was wondering what amount of security I should implement for an online match. I am in a conflict where I want to make my game as secure as possible, but if someone were … Continue reading To what extent should security measures be ignored for the sake of operational efficiency?
I asked this question in money about telling my bank about using a second hand or grey market mobile phone. The the implication of some of the comments is that any worry is misplaced.
It seems to me that one could be exposed to financial … Continue reading Is using a second hand/grey market phone for banking security a credible risk?
I have been looking at risk assessments lately and I am looking for a way to practically estimate likelihood. Most people recommend assessing based on historical precedent which sounds great to me, however some risks have never materialize… Continue reading Likelihoods for risk assessment
The safety requirement confuses me when I look at security risk assessment methodologies. Looking at safety alone, it usually is related to the physical aspect and the physical interactions between a system and the user. But it also looks … Continue reading Safety assessment vs. Security assessment. What’s the difference?
There are many risk assessment guidelines such NIST800-30 and ISO 27005 that provide a catalogue of known threats as reference. Using a qualitative approach, I selected one threat events catalogue and I tried to select the threats that are… Continue reading How to use pre-existing threat catalogue to determine if a certain system is vulnerable?