Mar 28, 17 Asset valuation for pen testing - During the business asset analysis a pen tester should identify the assets that are most likely to be targeted by an attacker, what their value is and what the impact of their (partial) loss would be. For the full article see here.
May 03, 16 HIPAA Policies and Procedures are not copy and paste - If you are a small biotechnology, and you copy from a big pharma you will be overpaying and over-implementing SOP's which may not be relevant to your business situations. For the full article see here.
Feb 02, 16 Threat modeling 10 common traps you dont want to fall into - Industry expert and renowned author Adam Shostack shares with us how threat modeling can effectively drive security through your product, service or systems.
Nov 10, 15 Threat Modeling Tool Created by Mozilla Winter of Security Team - The innovative Seasponge tool allows better visualization of systems and the data flow between them, pinpointing potential security risks.
Mar 25, 15 The Death of the Anti Virus - Installing more security products is never a free lunch and tends to increase the total system risk and cost of ownership, as a result of the interaction between the elements. For the full article see here.
Jun 05, 14 PTA for HIPAA Security Rule - The exercise of using Practical Threat Analysis and generating threat scenarios is a fun and highly effective way of achieving compliance and improving your products and processes. For the full article see here.
Sep 19, 13 Practical Security for Physicians - the first in a 3 part series on practical threat analysis for physicians which will try to get you thinking like an attacker.
Dec 02, 12 Protect your organization's data - A new article by Danny Lieberman presents the 10 major steps to protecting your organization's privacy data and intellectual property.
Nov 23, 12 Accepted: Practical Threat Analysis US Patent No: 8,312,549 B2 on a computer-implemented method and system for calculation of cost-effectiveness of countermeasures in mitigating the threats on a system through calculating risk of threats. Full text of patent is here.
Feb 08, 12 Mobile Device Security Challenges - the article presents a threat analysis of a real life case study and shows that the key vulnerabilities and threat model of mobile device based systems are similar to those of traditional IT systems even if the threat surface is dramatically different!
Sep 14, 11 Practical Threat Analysis of Medical Device - an article in Israeli Software presents a threat analysis of a network of embedded medical devices used for patient monitoring. The results are available here.
Apr 05, 11 The Tao of GRC for CISOs and CSOs - an article in infosec island introduces a practical approach that helps CISOs/CSOs successfully improve compliance and reduce information value at risk.
Sep 02, 10 Free Online Security Best Practices Workshops - 6 free online workshops opens September 3 with "Using data security metrics and a value-based approach".
Jun 04, 10 Credit Union InfoSecurity Conference - PTA's role in the process of defining an effective risk mitigation plan that is specifically tailored to your credit union.
Feb 18, 10 Effective Web App Security Assessments Webcast - using practical threat analysis to identify where your organization is exposed.
Sep 04, 09 ISSA Journal's toolsmith covers PTA - an article by Russ McRee reviews the PTA methodology and risk assessment tool.
Aug 27, 09 PTA Qualified Partner Program enables risk experts to showcase their business and their capabilities.
Dec 18, 08 PTA is now available for automating PCI DSS 1.1 self assessments - read & download the free package.
Feb 17, 08 PTA ISO 27001 library - a new PTA library for efficient performing of ISO 27001 risk assessment audits (revised: Sep 07).
Jan 08, 07 Enterprise Software Risk Reduction - a new PTA embedded method for mitigating defects in enterprise legacy systems.
Mar 13, 06 Extrusion Prevention Seminar - learn how to defend your corporate brand from cyber threats.
Feb 12, 06 PTA Free Program for Security Consultants enables consultants to use PTA in their risk analysis missions.
Nov 22, 05 The PTA Risk Assessment tool is free of charge for students, researchers and independent security analysts.
Jan 20, 05 Read our article on Practical Threat Analysis for the Software Industry in Security Docs.