Collaborate Disseminate
Please see the image below which represents an algebraic definition of the Dolev Yao Closure. From reading around, it appears this is BAN logic and that the lines mean "If you believe the above statement is true, then you must believe… Continue reading How should I interpret this definition of the Dolev Yao Closure?
I m doing a Risk analysis according to an information security risk management guideline and in the risk assessement table there was a column called "initial Likelihood of risk scenario".
What is the difference between the likeli… Continue reading What is meant with "initial" in Initial Likelihood of risk scenario?
I am woking on a project where I need to build a blueprint security model for a proxy that should mediate and handle communication between two computers. Because this is a first for me, I don’t have a lot information about "security m… Continue reading How do you build a good security model for a proxy?
I have recently started creating an online Tetris type of game, and I was wondering what amount of security I should implement for an online match. I am in a conflict where I want to make my game as secure as possible, but if someone were … Continue reading To what extent should security measures be ignored for the sake of operational efficiency?
I asked this question in money about telling my bank about using a second hand or grey market mobile phone. The the implication of some of the comments is that any worry is misplaced.
It seems to me that one could be exposed to financial … Continue reading Is using a second hand/grey market phone for banking security a credible risk?
I have been looking at risk assessments lately and I am looking for a way to practically estimate likelihood. Most people recommend assessing based on historical precedent which sounds great to me, however some risks have never materialize… Continue reading Likelihoods for risk assessment
The safety requirement confuses me when I look at security risk assessment methodologies. Looking at safety alone, it usually is related to the physical aspect and the physical interactions between a system and the user. But it also looks … Continue reading Safety assessment vs. Security assessment. What’s the difference?
There are many risk assessment guidelines such NIST800-30 and ISO 27005 that provide a catalogue of known threats as reference. Using a qualitative approach, I selected one threat events catalogue and I tried to select the threats that are… Continue reading How to use pre-existing threat catalogue to determine if a certain system is vulnerable?
I am trying to understand the security concerns related to using the private network provided by my hosting ISPs.
The ISPs offer a private network feature that only my VPS instances are connected to. The private networks only support IPv4 … Continue reading How to understand risk of a hosting ISP private network?
Another question inspired by a recent discussion in the ‘The DMZ’ chatroom.
Long story short: IT guys are worried that accountants’ workstations may become compromised because accountants watch cat meme websites. Proposed solution: Lock do… Continue reading Realistically, how likely it is to have a computer compromised from browsing random websites?