Archive: November, 2007
The Top Ten Security Threats for 2008 (Part 3) – Risky Situations and Context
Opher Etzion provides a timely segway for Part 3 of this series on The Top Ten Security Threats for 2008 in his two blog posts, Context and Situation – are they synonyms? and The notion of context and its role in event processing. I will briefly illustrate and elaborate by applying the concepts of context and situation to risk identification, [...]
Read moreThe Top Ten Security Threats for 2008 (Part 2) – The Current Situation
Before we list our top ten security threats for 2008, let us take a moment to review the current situation in cyberspace and how that maps to complex event processing. First, you might be asking yourself, Why is security and risk management important to complex event processing? Cyberspace today is not much different than the airspace was many [...]
Read moreThe Top Ten Security Threats for 2008 (Part 1) – Threats Are Not Vulnerabilities
A colleague of mine asked me to collaborate on a list of the top 10 security threats for 2008. Naturally, I did a bit of research and noticed that many of the folks who publish similar lists often confuse security threats and security vulnerabilities. For example, here is a post by The SANS Institute, The Top 10 [...]
Read moreHow Information Technology Can Be Used to Detect Opportunities and Threats in Wealth Management
I have just been invited to speak at a November 2007 Weath Management conference in Asia. My presentation will be, How Information Technology Can Be Used to Detect Opportunities and Threats in Wealth Management, with an abstract as follows: Managing risk and exploiting financial opportunities are converging as complementary business models in today’s Internet dependent world. [...]
Read moreReference Customers are the Gold Standard for CEP
All customers (who are end users) I have been working with this year are not very concerned about (academically) interesting event processing technical details like “EPLs” or “latency”. Moreover, customers are almost completely disinterested in marketing terms like “BAM” or “SOA” or “EDA” or “XTP”. Customers, not surprisingly, are simply demanding end user reference customers and knowledge of their use [...]
Read moreUsing Bayesian Classifiers to Detect Fuzzing
Fuzzing, from a security perspective, is when an automated program searches for IT vulnerabilities by sending random input to an application. Fuzzers are sometimes referred to as fault injectors and are used by hackers to find buffer overflows and other application flaws such as SQL injection, XSS, and format string vulnerabilities. In the past few years fuzzing is being increasing used by criminals to [...]
Read moreThailand Information Security Association (TISA)
The Thailand Information Security Association (TISA) was formed in July 2007 to assist the Kingdom of Thailand meet emerging information security threats and foster cyber defense technologies and information sharing in the Asia Pacific region. TISA’s founding information security members included the National Science and Technology Development Agency, Software Park Thailand, the Department of Special Investigation, the Royal Thai [...]
Read moreA Model For Distributed Event Processing
In my last post, Analytical Patterns for Complex Event Processing, I provided an overview of a few slides I presented in March of 2006 at first event processing symposium titled Processing Patterns for Predictive Business. In that same presentation (slide 15), I also introduced a generic high level architecture (HLA) for event processing in the illustration below: The figure above is a [...]
Read more