Viewing posts tagged Security and Economics
what-is-the-opposite-of-a-moral-hazzard
Posted by: admin 15 years, 7 months ago
According to a recent study by researchers from my alma mater, the University of Virginia, the use of cameras to fine motorists who run red lights actually increases the number of accidents at those intersections. There are fewer T-bone collisions, but more rear-end collisions.where-are-you-on-the-normal-curve-of-information
Posted by: admin 15 years, 7 months ago
I recently was goaded into joining the IT Policy Compliance Group so I could read their research report entitled Taking Action to Protect Sensitive Data.
why-roi-is-a-crappy-measure-for-information
Posted by: admin 15 years, 7 months ago
At a number of recent events and discussion forums the topic of ‘selling’ security investments to top management has been addressed. The question posed is that if there is no positive return from a security investment, how do security professionals propose a security solution to a CFO or CEO? What is the return on a strong authentication, a firewall or IDS system that neither saves money (except perhaps in employee time, an argument that may fall on deaf ears) nor generates revenue? Importantly to me, how can you justify the investment in strong authentication? The answer lies in what really creates value for an enterprise.marginal-revolution-on-vaccinations
Posted by: admin 15 years, 7 months ago
People who have the flu spread the virus so getting a flu shot not only reduces the probability that I will get the flu it reduces the probability that you will get the flu. In the language of economics the flu shot creates an external benefit, a benefit to other people not captured by the person who paid the costs of getting the shot. The external benefits of a flu shot can be quite large. Under some conditions each person who is vaccinated reduces the expected number of other people who get the flu by 1.5.Perhaps we have been taking the wrong tack thinking about how to punish PC users who have malware on their machines.. Maybe offering additional benefits to users with verifiable security mechanisms is a better solution. Maybe one of those benefits would be access to IRC channels often used by malware to contact their controller.
the-externalities-of-dns-configuration
Posted by: admin 15 years, 7 months ago
According to a recent study by DNS appliance maker Infoblox, over 50% of the Internet's domain name servers allow recursive name services - requiring a name server to relay requests to other name servers. If an attacker "poisons" the list of name servers, users are directed to a fake site, even if they manually enter the correct web-address.
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)