PRO+ Premium Content/Information Security magazine

Thank you for joining!

Access your Pro+ Content below.

October 2009

Adrian Perrig: Improve SSL/TLS Security Through Education and Technology

This article is part of the Information Security magazine issue of October 2009

Despite much recent progress in the area of user-centric design of secure systems, user error continues to cause a large number of security vulnerabilities in current systems. Both user education and technology can help to improve this situation. At CyLab at Carnegie Mellon University, our goal is to improve security in all aspects of society. First, we developed educational programs to train students in security. Second, CyLab researchers also engage in several efforts to design systems that continue to remain secure despite human errors, as well as develop technologies that provide improved situational awareness to the user. Using the Secure Socket Layer (SSL) / Transport Layer Security (TLS) protocols for secure https Web connections as a case study, we will first describe how education has helped improve Web security, followed by a description of the Perspectives project, which provides additional information for users to make better security decisions. To provide some background for our discussion, we briefly revisit some ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Melissa Hathaway: Government Must Keep Pace with Cybersecurity Threats
by Melissa Hathaway
Securing the Internet means to much to the future of the U.S. economy and national security.
Bruce Jones: Report Security and Risk Metrics in a Business-Friendly Way
by Bruce Jones
Security metrics must, not only provide a view of security posture, but must support security budgeting and investment processes.
Bernie Rominski: Communicate Effectively with Management about Risk
by Bernie Rominski
Learn how to communicate with senior management about risk; it's your job.

Tony Spinelli: Prioritize Information Security over Compliance
by Tony Spinelli
Organizations need to prioritize security over compliance to ensure comprehensive risk mitigation.
Information Security magazine 2009 Security 7 Award winners

Information Security magazine annouces the winners of its fifth annual Security 7 Awards.
SOX compliance burdens midmarket security teams

Smaller public companies bear significantly higher pain in terms of revenue and costs per employee complying with Sarbanes-Oxley.

Jerry Freese: Make Critical Infrastructure Protection a Priority
by Jerry Freese
Critical infrastructure protection must be addressed today to protect our country tomorrow.
Developers Need Help with Security Errors

SQL injection attacks continue to plague Web applications. Companies need to invest in technology and education to hold off hackers.
Adrian Perrig: Improve SSL/TLS Security Through Education and Technology
by Adrian Perrig
Carnegie Mellon University's CyLab designs security to improve all aspects of society.

Jon Moore: Build a Security Control Framework for Predictable Compliance
by Jon Moore
Health care provider Humana Inc., has developed a security controls framework that addresses all of the industry and federal regulations it must comply with.

Columns in this issue

Editor's Desk: Security 7 Winners Chronicle Trends That Shape The Industry

Looking back at five years of award winners provides a timeline of security trends that you need to absorb.
How to avoid Internet liability lawsuits
by Jeanne Debus
Enterprises face numerous potential liabilities online. Avoiding lawsuits requires a sound cyber risk management plan.

View Information Security magazine Archives

SearchCloudSecurity

Access your Pro+ Content below.

Adrian Perrig: Improve SSL/TLS Security Through Education and Technology

Access this PRO+ Content for Free!

Features in this issue

Melissa Hathaway: Government Must Keep Pace with Cybersecurity Threats

Bruce Jones: Report Security and Risk Metrics in a Business-Friendly Way

Bernie Rominski: Communicate Effectively with Management about Risk

Tony Spinelli: Prioritize Information Security over Compliance

Information Security magazine 2009 Security 7 Award winners

SOX compliance burdens midmarket security teams

Jerry Freese: Make Critical Infrastructure Protection a Priority

Developers Need Help with Security Errors

Adrian Perrig: Improve SSL/TLS Security Through Education and Technology

Jon Moore: Build a Security Control Framework for Predictable Compliance

Columns in this issue

Editor's Desk: Security 7 Winners Chronicle Trends That Shape The Industry

How to avoid Internet liability lawsuits

CyberArk warns of 'shadow admins' in cloud environments

How enterprises should handle GDPR compliance in the cloud

Compromised cloud credentials still plaguing enterprises

Top application delivery controllers offer range of options

New Accedian SkyLIGHT PVX has root-cause analytics

New CDN services give providers an edge in WAN marketplace

The CIO voice in the boardroom: Skills needed to get there

Workplace 'mindfulness' as coping mechanism for AI disruption

Juniper CEO Rahim stresses cybersecurity training, automation at RSA 2018

Spectre and Meltdown vulnerabilities show haste makes waste

Workflow automation software improves LA court productivity

How to create a custom Windows 10 image for deployment

Users demand more from containers in cloud

IaaS and PaaS blurred lines increase lock-in risks

Single pane of glass for multi-cloud management still elusive

Full-fibre broadband specialist CityFibre acquired for £538m

Unified communications supplier Mitel bought by VCs

NHS shared care records: progress, projects and privacy