Assets, Vulnerabilities, Threats, and Risks: What Type Security Is Right For You?

In the FileMaker Pro developer community there is a general lack of clear understanding about the need for the correct type of security in FileMaker Pro solutions.

There is too much focus on passwords and not enough focus on the protection of assets and the mitigation of adverse impacts of breaches. There is also too much focus on the creation of “custom” “security” systems and not enough focus on identifying threats and the risks of their occurring. There is too much complaining about how “hard” it is to have good security and not enough appreciation about the adverse impact of having the wrong type of security.

As a result of all this, at the upcoming FileMaker Developer Conference in Phoenix I will be conducting a special session:

Assets, Vulnerabilities, Threats, and Risks:
What Type Security Is Right For You?
Tuesday, July 15th 2008
11:15 AM to 12:30 PM
Sonoran Ballroom H

This session will feature a discussion of how to determine the right type of security for your solution. It is based on a set of circumstances specific to your individual solution, but common to all FileMaker Pro solutions.

All assets are subject to threats that can exploit vulnerabilities that, in turn, can breach their Confidentiality, Integrity, and Availability. The level of adverse impact of such a breach varies situation by situation as do the risks of those threats’ occurring and the prevalence of threat agents that can trigger the exploits.

Security then must focus on closing vulnerabilities, on blocking threat agents, and on mitigating adverse impact of breaches. And a great many FileMaker Pro solutions take no cognizance whatsoever of this key requirement.

So, if you are at the Developer Conference, feel free to stop by to listen, to contribute, or to debate this very important subject.

-----
Steven H. Blackwell
Platinum Member, FileMaker Business Alliance
Partner Member, FileMaker Solutions Alliance (1997-2007)
FileMaker 9 Certified Developer
FileMaker 8 Certified Developer
FileMaker 7 Certified Developer
FileMaker Authorized Trainer

Tip of the hat

Having skipped DevCon in order to afford an iPhone, I’ve been dealing with my DevCon envy by exploring some of the wonderful sample files that people have been putting together for FM9.

The fuss over Andy’s conditional formatting tricks, for example, is certainly well-deserved (though let’s face it, we all would have worked that stuff out on our own, right? no?). After playing with those for a bit, a post about Ray Cologon’s “Progress Bars” ( http://www.nightwing.com.au/FileMaker/demos.html ) caught my attention, and I ended up spending a good afternoon hacking that file apart.

Adventures in Barcoding


As a fulltime educator, there’s never any shortage of new and exciting projects to inspire me and capture my interest. As an FM developer, though, it can sometimes be a bit of a stretch. Even new releases of FileMaker (like that’ll happen any time soon…) can be a melancholy blend of “gee whiz” moments and feature request letdowns (“what?! They didn’t include facial recognition on container fields?! Damnit, I’ve been asking for that since version 4!”). Fortunately, we can sometimes count on our clients to throw something fun our way.

Reflections from Exile

In the season finale of “30 Rock”, Jack Donaghy (Alec Baldwin’s high-powered executive character) suffers a heart attack, clutches his chest and cries “Ride it, Donaghy! Ride it straight to hell!”

In an effort to avoid a similar fate, I recently took a week of exile from work (pretty fancy term for “vacation”, no?) and went to a location where the only internet access was dialup. Before I left, I opened my “trip packing” database, checked off the boxes for “cold, relaxing, sun” (I was going to Canada), unchecked the box for “work” and set the “willingness to smell” field to a value of 9 (out of 10). I printed the resulting packing list and closed FileMaker for a whole 7 days, possibly the longest for me in three years.

That gap gave me some time to reflect on a number of nagging personal questions. For example: “Do I want to quit my day job and be a fulltime consultant?” or “Which will ultimately be a bigger letdown: iPhone, FM9 or the Heroes finale?”

Architects & Builders

Working at inRESONANCE taught me a number of things about software development that I hadn’t learned as an independent developer. As an independent you are responsible for everything - business development, project specification, design, coding, testing, bug fixing, installation, support, billing, and everything else you never thought of. If you’re not proficient at one or more of those things, say billing clients for work you’ve done, you’re not going to last very long.
