Information Security Group of Africa, meeting 9

SA Security Bloggers

SensePost

Haroon Meer
link

Matt Erasmus
link

Andrew Mohawk

Junaid Loonat
link

Barry Irwin
link

Tom Wells

Allen Baranov
link

Jock Forrester
link

IT Security Pubcast
link

Telspace

ISGAfrica

Ralfe Poisson

How-To's
link Linux SSH Jail with pam_chroot
link Firefox Privacy & Security Extensions

Papers
link Managing Patching, my MSc Thesis
link Risk Analysis of Monthly Patch Schedules

Tools
link Automated Vodacom SMS (VodaSMS)
link RSS 2 SMS
link DShield Hack Detection

Neologisms
link Encryption principles
link Zoolander's Law

Syndicate This Blog

SSL

Certificate fingerprints:

SHA1: 61 13 45 4B 4C F9 89 9B B7 87 C8 78 F7 38 12 CB 07 E2 60 BF
MD5 : DA 53 7B 50 E4 3A 2C 6C A1 17 53 C1 A0 5E CB 89

HTTPS version.
You can find an explanation here.

License

Original content in this work is licensed under a Creative Commons License

Disclaimer

This blog and its contents are in no way affiliated with, or endorsed by my employer.

Random Entry: WiFi Mapping and Coverage Tool
< Another Day, Another IE 0day | Digital Entropy >

Wednesday, April 26. 2006

Information Security Group of Africa, meeting 9

Today we (Deloitte) hosted the ISGA (formerly WhiteHat) meeting. I was in charge from Deloitte's side. Apart from a few hiccups related to broken amps and late coffee it went off fairly smoothly. I got the chance to present, my presentation was entitled: "Threat Monitoring: Reading Risk the Wrong Way".

It basically provides a justification as to why threat monitoring is important, and how people ignore the "threat" component of the risk equation. A component of threat monitoring is having decent threat models. For this I discussed how security researchers have gotten the vulnerability life cycle wrong, and provided a corrected model based on combining the conclusions of several researchers.

The slides can be found here.

Posted by Dominic White in Security at 14:42 | Comments (0) | Trackback (1)

Trackbacks

Trackback specific URI for this entry

Vulnerability Life Cycle
Schneier once proposed a vulnerability life cycle in a Crypto-Gram newsletter. However, during the time of writing my thesis, there were several important pieces of research no-one had put together to come up with a 'more correct' vulnerability life cyc

Weblog: Dominic White's .tHE pRODUCT
Tracked: Jul 19, 13:08

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry