Posts Tagged Security

Managing the Security Requirements in Agile Projects

Addressing security requirements in the early phases of development is the most effective way to prevent security bugs. Most security requirements are non-functional requirements (NFRs). Non-functional requirements describe aspects of a software system such as reliability, security, response time and other significant qualities of an application. Functional requirements, by contrast, describe what the system should do in response to a given user action.

Active attention to non-functional requirements, and to security in particular, is not usual within Agile. Non-functional requirements often come with a large number of constraints, and a huge set of them can be really difficult to work with. Add further NFR constraints such as ease of access, and the list may grow too quickly for developers to handle. Once the list becomes really huge, developers often ignore it altogether and simply rely on memory when applying NFR constraints. In areas such as application security the number of non-functional requirements increases significantly, which puts a considerable cognitive load on developers.

Of course, there are effective ways to deal with an immense set of NFR restrictions. The problem of numerous NFR constraints can be handled in the following ways.

1. Prioritization. If NFR restrictions have different priorities, it is easier to divide the scope of work into parts and relieve the mental load a little. Priorities can be assigned to constraints just as they usually are for defects and user stories, for example “Low”, “Middle” or “High”. It can also be convenient to rate priorities on a numerical scale from one to ten.

2. Filtration. By applying simple criteria you can reduce, or eliminate entirely, a large scope of NFR restrictions for a given user story. A system of tags, or just Excel filters, is enough to do this. Here are some examples of filters that can be used for web applications:

– Does the user story utilize the input data supplied by the user?

– Does the user story use some kind of confidential data such as credit cards, passwords or even some kind of non-public financial data?

Together, prioritization and filtration can significantly simplify and systematize daily work with NFR restrictions. And, of course, it is worth remembering an issue tracking system, which helps to monitor the most important processes and data during workflows.
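An added example, not part of the original post: the tag-based filtration and the one-to-ten prioritization described above, as a small Python script. The restriction texts, tag names, priority values and the Low/Middle/High thresholds are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample backlog of security NFR restrictions. The wording, tags
# and 1-10 priorities are illustrative assumptions, not taken from the post.
@dataclass(frozen=True)
class Restriction:
    text: str
    priority: int      # 1 (lowest) .. 10 (highest)
    tags: frozenset    # filter tags that make this restriction relevant

RESTRICTIONS = [
    Restriction("Validate all user-supplied input on the server side", 9, frozenset({"user_input"})),
    Restriction("Encode user-supplied data before rendering it in pages", 8, frozenset({"user_input"})),
    Restriction("Never write passwords or card numbers to logs", 10, frozenset({"confidential_data"})),
    Restriction("Transmit confidential data only over TLS", 9, frozenset({"confidential_data"})),
    Restriction("Limit upload size for user-supplied files", 4, frozenset({"user_input"})),
    Restriction("Mask confidential values in error messages", 6, frozenset({"confidential_data", "user_input"})),
]

# The post's two filter questions, each mapped to a (hypothetical) tag name.
FILTER_QUESTIONS = {
    "user_input": "Does the user story utilize input data supplied by the user?",
    "confidential_data": "Does the user story use confidential data?",
}

def priority_band(priority):
    """Map the 1-10 scale onto Low / Middle / High (thresholds are assumed)."""
    if not 1 <= priority <= 10:
        raise ValueError(f"priority out of range: {priority}")
    return "High" if priority >= 8 else "Middle" if priority >= 4 else "Low"

def checklist_for_story(answers, restrictions=RESTRICTIONS, min_priority=1):
    """Return the restrictions relevant to one story, highest priority first."""
    unknown = set(answers) - set(FILTER_QUESTIONS)
    if unknown:
        raise KeyError(f"unknown filter tags: {sorted(unknown)}")
    # An unanswered question counts as "yes", so a restriction is kept
    # rather than silently dropped when nobody has assessed the story.
    active = {tag for tag in FILTER_QUESTIONS if answers.get(tag, True)}
    selected = [r for r in restrictions
                if r.tags & active and r.priority >= min_priority]
    return sorted(selected, key=lambda r: (-r.priority, r.text))

if __name__ == "__main__":
    # Constructed story: a search box that takes user input but no confidential data.
    for r in checklist_for_story({"user_input": True, "confidential_data": False}):
        print(f"[{priority_band(r.priority):6}] {r.priority:2}  {r.text}")
```

For the constructed search-box story, the six-item list shrinks to the four restrictions tagged for user input, ordered by priority.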

Author Byline

Hi, my name’s Jannet Sparts and I’m working as an editor of Online Issues. I write for several blogs sharing my experience and observations. I have worked as a project manager in several companies. So I have tried different PM tools, collaboration programs, including tracker and task management software solutions. For the moment PM software is my primary field of interest.


Control – fundamental for effective IT security

A fundamental part of any effective IT security policy is the control you have over the network.

Where this becomes challenging is the introduction of the human element; both internally from staff who might not always know best and externally from people who do not always have the best interests of the firm at heart. The more control you have, the better positioned you are to protect the network from problems.

If you are at the head of an organisation’s IT team, then the ultimate responsibility for looking after its digital information is in your hands; this is a real burden especially in modern society, with computers being so powerful and harbouring such a lot of data.

Clear policy

The starting point of any high-control IT security policy is to make everything clear. This begins with your own mind, so make sure that you understand and can explain which processes are allowed in the workplace. With this in mind you can begin communicating the policy to staff, who will probably have differing levels of IT knowledge.

If you can, it can really help to work alongside one or two of the employees who will be using the system, since they can give you invaluable information about how a staff member might react to certain advice and whether guidelines may cause problems in terms of their day-to-day operations.

Awareness

A major part of your control will come from knowing who is using what and how they are utilising it. With the help of inventory software, you can list all the devices connected to your network, as well as certain software details. These specifications should aid you in identifying problems; for example, linking a certain device or operating system with an issue.

Awareness of the technology you are dealing with can also have a significant impact on how you would go about solving something that has gone wrong – without knowing what is in use you are giving yourself a handicap in some senses.

Foresee issues

Being proactive rather than reactive is important in any job and it is no different in the world of IT. By keeping up to date with industry news and expert commentary, you should be able to foresee a number of troublesome issues, for instance, viruses or technical problems associated with certain devices.

However, your research does not stop there; you can also help yourself by trying to be present in company meetings when processes are being altered, as you may see an obstacle on the horizon – giving you plenty of time to produce a solution.

About The Author:-

John Stephen is a consultant. He is also an IT Support Technician, Internet Marketer and he loves to research with access software. He recommends http://www.kaseya.co.uk/ which provides the resources on strategic business goals while maintaining the availability, security and stability of your IT environment.


10 Safety Tips On Twitter

Securing your Twitter account has become very relevant since the service began to pick up considerable speed and popularity. Twitter is not just a microblog; it is a complete marketing tool that stores a set of confidential information. In the last few years the number of Twitter account break-ins has increased, and it is becoming a real problem. That is why this issue deserves special attention. In this article you can see 10 rules that will protect your time online and let you talk comfortably and enjoy each new tweet.

1. Do not disclose personal information.

Maybe it’s one of the most important rules. Do not publish private addresses, telephone numbers, passwords or anything else you consider important and personal. By doing so, you reveal about yourself everything you want to hide.

One more thing: geotagging. When this function is enabled, tweets are published with your location at that moment. Don’t use it at home.

If you run your Twitter account for a limited number of people, you can hide your news feed.

2. Use a private Twitter account.

You can use a private Twitter account. The idea is that you yourself limit the number of people who can read your tweets. It is suitable for sending personal messages or system data / parameters.

3. Carefully choose the applications that have access to the account.

Check and try not to run the application page. Be sure that you can trust the site or service that requests a password or authorization. Be careful, because this is the most popular way to get the password of your account.

4. Change your passwords every six months.

Better still, more often. Regularly change your passwords and use different passwords for different services. Use complex and long passwords that include punctuation marks, numbers and symbols. Such passwords are the most difficult to crack.

5. Do not use unfamiliar links to read Direct Messages.

It is the second most popular way to lure the user into a trap and get a password or personal data.

Many links are specially shortened to mask the original page. But there is a solution.

6. Use services to open short links.

There are not many such services, but they will help you spot a threat. One of the most popular is LongURL Mobile Expander, a plug-in for Firefox. For those who do not use Firefox, there are special web-based applications, Unhid and Untiny.

7. Block spam and report it.

This way you not only caution others but also help yourself, because after pressing «Block spam» you are unlikely to land on that Twitter user’s page again.

8. Do not click on the ads that promise you a lot of followers.

At best it will only be advertising, and at worst you will lose your account.

9. Use antivirus and firewall.

Although there are not as many Twitter viruses as ordinary Trojans and other “ills”, still be careful: do not download suspicious files from the network. There are many new clients for Twitter, so be careful when you install the next novelty on your computer.

10. Press the Log out button when you leave.

Just do not give the “bad boys” an opportunity to use your Twitter account in their treacherous plans. Also, it is better not to leave unattended mobile phones and other equipment that has access to Twitter.

Author bio: Korah Morrison is a specialist in context advertising and social marketing, and a copywriter at Essay-Point.com. She writes articles on various topics that deal with internet marketing, web design, branding and business promotion on the internet.


Oracle launches solution to enhance data security

NEW DELHI: IT major Oracle today launched a new set of solutions aimed at helping enterprises that are planning to embrace cloud, mobile and social technologies as part of their business practice.

The ‘Oracle Identity Management 11g Release 2’ further strengthens Oracle’s integrated enterprise security solutions spanning hardware, database, middleware, and enterprise applications, Oracle Vice President (Technology – APAC) Sundar Ram Gopalakrishnan told reporters here.

“Organisations today, while recognising the need for an end-to-end security solution, fail to look at security comprehensively until they’ve had a security breach. There are often security gaps since there is no centralised management or reporting, with independent owners for every solution,” he added.

Oracle’s end-to-end security solutions offer the lowest total cost of ownership and meet compliance needs across IT infrastructure, data, applications and identity management, Gopalakrishnan said.

In India, Oracle is focusing on sectors like telecom, banking, financial services and insurance and government as these sectors own extensive classified or confidential data and are more prone to security threats.

“These sectors are also guided by strong regulatory compliances. Oracle with its full spectrum of security solutions is in a strong position to address the needs of these demanding industries,” he said.

According to a recent survey, respondents said they felt they were inadequately protecting sensitive data and database infrastructure.

About 60 per cent of respondents said they have or are likely to have a data breach over the next 12 months and a majority said the stolen records were from database servers.

“Oracle offers complete identity management solutions that enable enterprises to secure critical applications and sensitive data, lower operational costs, and comply with regulatory requirements,” he said.

Some of the Indian customers using Oracle’s security solutions include Hindustan Petroleum Corporation Ltd (HPCL), TVS Motor Company and Aircel Ltd.


Protection You Can Afford

There are numerous ways you can lose the information on your computer: your child decides to play Chopin on your keyboard, or there is a power surge, lightning, a virus, or even simple equipment failure. Therefore, backing up the contents of your hard drive is an absolute MUST. By regularly making backup copies of your files and storing them in a separate location, you can typically get some, if not all, of your information back in the event your computer crashes.

While a regular backup to floppy, CD, or zip drive will save your files, wouldn’t it be great if you could create an exact copy (a drive image) of your hard disk? That means backups of all your files, programs, and user settings. This would definitely save you time when it came to reloading. Acronis may be able to help.

Acronis True Image 9.0 is a robust disk-imaging utility software that copies the entire contents of your hard drive including data and operating system files, personalized settings, and more, onto another disk or disk partition. Its layout is easy to use and navigate. It also includes wizards which can walk you through both backing up and restoring your computer. Highlighted features include:

• Secure Zone — allows you to save data to a special hidden partition located on your hard drive which would eliminate the need to purchase an extra hard drive.
• PC Cloning — you can upgrade to a new system disk without needing to reinstall the operating system and applications, or configure user settings.
• Acronis Snap Restore – lightning-speed restore of your PC from an image. You can start working in seconds while your system is still being restored.

Acronis provides a free test-drive of its product and a 30-day money back guarantee. When you are ready to purchase, you can either download for $49.99, or if you so desire, order a boxed version for $59.99. With Acronis True Image Home 9.0, you can rest easy that your family pictures, personal documents, tax returns, resumes, and other important information will not be lost forever.


LinkedIn sheds more light on security breach

SAN FRANCISCO: LinkedIn Corp, criticized for inadequate network security after hackers exposed millions of its users’ passwords, said on Saturday it had finished disabling all affected accounts and did not believe other members were at risk.

The company, a social network for business professionals, promised to beef up security, days after more than 6 million customer passwords turned up on underground sites frequented by criminal hackers.

The break-in – the latest in a string of high-profile Internet breaches around the world – has damaged the reputation of the high-flying company with more than 160 million members, and raised questions about whether LinkedIn had done enough to safeguard the private information of its users.

Some cyber-security experts had warned that the company could uncover further data losses over coming days as it tries to figure out what happened.

In its blog post, LinkedIn said it had notified all affected users – whose accounts had not been accessed – and added it did not think other users had been compromised.

“Thus far, we have no reports of member accounts being breached as a result of the stolen passwords. Based on our investigation, all member passwords that we believe to be at risk have been disabled,” it said in a blog post.

“If your password has not been disabled, based on our investigation, we do not believe your account is at risk.”

LinkedIn is a natural target for data thieves because the site stores valuable information about millions of professionals, including well-known business leaders.

It has hired outside forensics experts to assist as company engineers and the FBI seek to get to the bottom of the break-in. The company said on Friday it did not know if any other account information was stolen besides passwords.

But customers whose passwords were among those stolen were still getting notified by LinkedIn as of Friday afternoon, days after news of the breach surfaced.

The way the company responds to the theft will play a critical role in determining the extent to which the incident damages LinkedIn’s reputation, experts said.

LinkedIn shares rose 2.6 per cent to $96.26 on Friday. While the breach has not appeared to hurt the stock, investors are likely watching the matter closely because the stock carries one of the loftiest valuations in technology.
