Group items tagged

Interesting product on control compliance software.

Eh, I like VMWare VCM or McAfee's HBSS (kind of a nightmare to set up though.)

I can't see this being used much for single factor authentication, but I could certainly see it being used on top of a username/password setup to bolster the security of that password. Another useful application for this would be to augment an anomaly based IDS running on the user's system. If keystroke patterns/dynamics exceed standard deviation, an alert could be sent to the help desk or security, who could then verify the identity of the user.

I could see some companies implementing keystroke and typing dynamics depending on their sector and security posture. However, depending on the sensitivity of the software, they could receive a lot of false positives. I've personally noticed my typing speed fluctuates drastically depending on the time of day. Nevertheless, I could see more companies deploying the software depending of their budget.

It seems that there are way to many variables for this technology to really take off. I agree with trevor that there is potential for a high volume of false positives. I also see potential for a high volume of false negatives. This technology seems as though it could end up being extremely frustrating for the end user.

This standards publication (FIPS 140-2) is a key standard's document. Skim through it and see if you can find some ideas for emerging threats against the standard(s).

Any time you are allowed to introduce code into a program, you have a chance for error. By allowing cryptographic software and firmware to be updated, I think you will always have the chance for emerging threats to be introduced in the form of malware. Recently, the U.S. has stopped allowing the use of Chinese built hardware for certain DOD/ Federal agencies. if we allow the enemy to build the devices we use to form our security foundations, we have already lost the war.

I believe the frequency of review of this policy is untimely to the speed technology advances in. If they could move the review from 5 years to 2 years will suffice. At times, once the policy is published folks are already working on the revision to keep up with technology growth. "Since a standard of this nature must be flexible enough to adapt to advancements and innovations in science and technology, this standard will be reviewed every five years in order to consider new or revised requirements that may be needed to meet technological and economic changes."

SCORE (System, Component and Operationally Relevant Evaluations) is a unified set of criteria and software tools for defining a performance evaluation approach for complex intelligent systems. It provides a comprehensive evaluation blueprint that assesses the technical performance of a system and its components through isolating and changing variables as well as capturing end-user utility of the system in realistic use-case environments. The SCORE framework has proven to be widely-applicable in nature and equally relevant to technologies ranging from manufacturing to military systems. It has been applied to the evaluation of technologies in DARPA programs that range from soldier-worn sensor on patrol to speech-to-speech translation systems. It is also currently being applied to the assessing the control of autonomous vehicles on a shop floor.

From NIST Tech Beat: June 21, 2011 Most industry executives, military planners, research managers or venture capitalists charged with assessing the potential of an R&D project probably are familiar with the wry twist on Arthur C. Clarke's third law*: "Any sufficiently advanced technology is indistinguishable from a rigged demo."

The article was written by Bruce and published on CNN this month. It discusses the fact that almost everything we do can be and is monitored by someone, and eventually is subject to Government purvue. He shows how several key people who have been found their way into law enforcement pathways have taken many precautions, but all eventually were caught by other means which were correlated together to form the big picture.

Phil, I have to say after reading this I am glad I still have a flip phone with no smart technology on it. I have read were your smart phones embed the lat/long into pictures if that function is turned on and that data can be retrieved from facebook if you have the right software. It just goes to show that what we see on TV has an impact on what we have in real life. Lee

The most important technology news, developments and trends with insightful analysis and commentary. Coverage includes hardware, software, networking, wireless computing, personal technology, security and cutting-edge technology from the business world to the consumer world.

Concern about security and privacy in the cloud will drive adoption of cloud encryption systems, but Gartner warns there are six security issues that businesses should tackle. The expected compound annual growth rate of software as a service (SaaS) from 2011 to 2016 is 19.5%, platform as a service (PaaS) 27.7%, infrastructure as a service (IaaS) 41.3% and security services spending 22%.