Interview with Macbook Hacker Dino Dai Zovi
This article is part of the March 2008 issue of Reviews of six top Web application firewalls
Dino Dai Zovi, one of the men behind the MacBook hack at last year's CanSecWest conference, is a respected researcher, and that's just in his spare time. By day, Dai Zovi is a security professional in the financial services industry, where he's knee-deep in the movement toward quantifying risk in an organization.

What can you share about the risk scoring system you're working on?
It's based mainly on the Common Vulnerability Scoring System. I previously had a homebrew system, but I found having things standardized, with vulnerabilities coming pre-rated from vendors, made my life easier. What I really cared about was scoring them for my environment. Doing the research into a vulnerability provided a flexible framework for me to model less specific vulnerabilities, as opposed to specific security product vulnerabilities. It allowed me to model larger vulnerabilities in that same system.

Are you seeing security moving toward a risk management function in the financial services community?
I've seen a fair amount of financial institutions adopting ...
What's Inside
Features
- Case Study: Company deploys full disk encryption policy on laptops
  One billion-dollar company isn't taking chances with data stored on its laptops. It deployed full disk encryption on every machine, an increasingly popular security strategy.
- SonicWALL NSA E5500 product review
  Product review of SonicWALL NSA E5500 security tool basic and advanced firewall features, setup, pricing, VPN and wireless security.
- Novell's Sentinel 6.0 product review
  In this product review of Novell's Sentinel 6.0, an addition to the SIEM market, learn about cost, setup, OS support, configuration and management.
- Klocwork Insight Tool Dynamically Tests Security of Applications
  Klocwork Insight tool sandbox technology allows developers to test code and security of applications while remaining insulated from the rest of the code.
- Viewpoint: War analogies tread a fine line
- Security Services: TraceSecurity Risk Manager
  At Your Service
- Product review: Palo Alto Networks PA-4050
  NETWORK FIREWALL
- Imperva SecureSphere Database Gateway product review
  Imperva's SecureSphere Database Gateway is evaluated for its installation and configuration, management and monitoring, vulnerability assessment and reporting capabilities.
- Security Learning its Role in E-Discovery
  Security teams are learning their crucial role in processing e-discovery requests.
- Comparative Product Review: Six Web Application Firewalls
  No longer can security managers focus only on perimeter and host security. The application has become the prime target for hackers. We review six leading Web application firewalls from Barracuda, Bee Ware, Breach Security, Citrix, F5 and Imperva that help deliver your critical apps securely.
Columns
- Face-Off: Is Security Market Consolidation a Plague or Progress
  Bruce Schneier and Marcus Ranum debate the impact of market consolidation on information security.
- Interview with Macbook Hacker Dino Dai Zovi
  PING: Dino Dai Zovi
- E-Discovery Compliance Requires Security Pros to Think As Lawyers Do
  Perspectives: Think Like a Lawyer
- Researcher Puts Quantitative Measurement on Information Security Threats
  Editor's Desk: Score One for Threats