Proceedings from The Open Group Security Practitioners Conference in Toronto – July 22, 2009.
Tag: Architecture
Security Architecture Framework
A Security Architecture Framework should provide a comprehensive view of security in the enterprise and be the reference model for any security architecture artifacts and all design.
Critical Security Controls
What are the Critical Security Controls per US federal organizations? Important points and thoughts.
Open Source Software in Corporate world
Pros and cons of using open source software in the corporate world.
IANA Port Numbers
Here is a list of IANA port numbers: http://www.iana.org/assignments/port-numbers
Security Architecture Definition
The definition of security architecture has never been consistent among experts. While it is a framework for some, it’s a process or a detailed technical design for others.
Smartphone Security For Enterprise
Smartphones are now rich in features, including network connectivity, ample storage space and efficient processors. Some enter your network through authorized corporate users, while others are brought in by employees who purchased them themselves.
What were they thinking?
At the start of the New Year, CIO magazine has data protection and governance at the top of the list for this year. I thought this was supposed to be taken care of from day one! In this age when words are being patented, we are still trying to figure out how to protect data.
Protecting Clear Text Password
Passwords are the basic type of authentication in a system. They are easy to implement and also easy to attack. However, there are situations where you need to use a password to protect access to a resource. It's fine if an end user of the system is providing the password directly to the system. Sometimes, though, you need to store the password in a configuration file of a system. That's where the dilemma starts. Say you have a scheduled SFTP process that needs a password to start. Do you keep the password in clear text or do you encrypt it? If you encrypt it, then how do you protect the key used to encrypt and decrypt the password?
Production Data as Test Data
To maintain high code quality, a company needs to use production-quality source data for development, unit test and QA functional test purposes. There could be situations when the company uses unscrambled production source data, which potentially exposes sensitive customer data. Sensitive customer data must be protected. Given that there is a correlation between the quality of test data and the quality of code delivered to production, all efforts should be made to minimize the disruption/distortion of test data, while satisfying the privacy concerns.