Assessing and Managing Security Risk in IT Systems
A Structured Methodology
“An increasing number of software organizations recognize that developing security requirements is more important than designing protections because paying attention to security requirements in the early stages of the software lifecycle potentially saves millions of dollars.”
Building Security Requirements
Security is not about features.
It is typically difficult (or impossible) to patch bad software, and nearly always costly to do so. Early consideration of security makes it part of the standard SDLC, and places it on a par with functional requirements. You can’t test what you don’t specify.
"75% of all attacks today occur at the application layer and bypass traditional firewalls."
1. Information States
2. Policy and Practices
3. Security Goals
4. Anatomy of A Breach
Why security requirements matter
SECURITY NEWS THIS WEEK: MICROSOFT’S PATCHING OLD VERSIONS OF WINDOWS BECAUSE THINGS ARE THAT BAD
Interest in North Korean hacking comes and goes, but this week experts cautioned that the US shouldn't underestimate or ignore this persistent and growing threat. The FBI and DHS even officially attributed the destructive WannaCry ransomware to the reclusive nation.
Meanwhile, new analysis from the cybersecurity firms ESET and Dragos Inc. offered details on the advanced, grid-sabotaging malware hackers used to attack a Ukrainian electrical power station last December. Incarceration rates are rising in the rural US. And Georgia's voting systems have no backup means of audit if the state's digital systems malfunction (or are, say, hacked).
At least the Department of Defense is still on the cutting edge. Its Strategic Capabilities Office is working on developing ways to weaponize video games. And special prosecutor Robert Mueller has put together an all-star investigatory team.
Plus the CIA could be lurking on basically every router out there, according to documents released by WikiLeaks. So here's a list of everyone President Donald Trump has blocked on Twitter to take your mind off things.
And there's more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
MICROSOFT PUSHED PATCHES FOR OLD WINDOWS SYSTEMS TO AVOID ANOTHER WANNACRY SITUATION
In May, Microsoft released patches for the virulent WannaCry ransomware for Windows XP even though that operating system is no longer officially supported. This week, the company followed up with a dozen additional patches that cover no-longer-supported versions including Windows XP, Windows Vista, Windows 8, Windows Server 2003, and Windows Server 2003 R2. Microsoft said that though it is not reinstating support for these aging OSes, it does want to take "action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures." While working to anticipate and preempt the next WannaCry-type incident is important, some experts worry that making too much of a habit of patching old systems will give stragglers an excuse to hold out on these dangerously insecure platforms even longer instead of being forced to upgrade. On the other hand, security pressure hasn't really created that urgency so far.
George Brown College
Casa Loma Campus
146 Kendal Avenue, Toronto
May 24, 2017. 6:30 pm
Wednesday, June 21, 2017
Time: 6:30 – 8:00 pm
Registration & Networking: 6:00 – 6:30 pm
Presentation: 6:30 – 8:00 pm
Networking: 8:00 -
George Brown College Casa Loma Campus
146 Kendal Avenue, Toronto, ON M5R 1M3
Dupont TTC Subway Station
400 meters from entrance.
Paid parking and street parking in area
About the Speaker
George Brown College
Intelligent Connections Inc.