Lux, France
Lux, France
SEARCH FILTERS
Time filter
Source Type

Bejtlich R.,General Electric | Steven J.,Cigital | Peterson G.,Arctec Group
IEEE Security and Privacy | Year: 2011

Richard Bejtlich leads a conversation on how incident detection and response (IDR) teams' focus on detecting and preventing attacks has moved from targeting OSs to unauthorized-access-application functionality and data. He discusses why this makes IDR so much more difficult and what these new targets mean for IDR. Department editors Gunnar Peterson and John Steven respond with tactics on how application security teams can help. © 2011 IEEE.


Peterson G.,Arctec Group
IEEE Security and Privacy | Year: 2010

These tips can help you cheaply build some security into your enterprise. © 2006 IEEE.


Chuvakin A.,Security Warrior Consulting | Peterson G.,Arctec Group
IEEE Security and Privacy | Year: 2010

As threats shift toward applications and as more companies struggle with compliance mandates and the limitation of protection technologies such as access control, the need for useful, comprehensive application logging can only increase. This article provides guidance on application logging to application developers and architects and to security professionals. © 2006 IEEE.


Peterson G.,Arctec Group
Information Security Technical Report | Year: 2010

This paper examines ways to improve security architecture by harnessing the executive attention that compliance activities like PCI DSS bring to security and focus that attention toward improving security architecture over the long term. Threat modeling fills a gap between the system's functional requirements and the auditor's checklist, and is used to catalyze this change of focus. © 2011 Elsevier Ltd. All rights reserved.


Peterson G.,Arctec Group
IEEE Security and Privacy | Year: 2010

Cloud computing requires a new security model. One promising model employs technology "patterns": gateways, monitoring, security token services, and policy enforcement points. These patterns help promote a healthy "distrust and verify" approach to cloud security. © 2006 IEEE.


Loading Arctec Group collaborators
Loading Arctec Group collaborators