Blog Posts Tagged with "Guidelines"
October 09, 2012 Added by:Matt Neely
The information security industry has attempted to adapt existing Risk Management practices for the task of managing information security. Numerous frameworks have been devised over the years, including FAIR, OCTAVE, ISO 27001/27005 and NIST 800-53/NIST 800-39, just to name a few...
September 19, 2012 Added by:David Navetta
The BYOD movement, barring a black swan event, is likely to continue to gather steam – though not without detractors. And as the Toolkit notes, BYOD remains a nascent movement with real concerns and numerous issues to be worked through, along with the establishment of new practices...
September 06, 2012 Added by:Stefano Mele
The Tallinn Manual pays particular attention to international law governing the use of force as an instrument of national policy and laws regulating the conduct of armed conflict, also labeled the law of war, the law of armed conflict, or international humanitarian law...
July 29, 2012 Added by:Headlines
A new guide from the National Institute of Standards and Technology (NIST) describes a "scoring system" that computer security managers can use to assess the severity of security risks arising from software features that are designed under an assumption that users are operating these features as intended...
July 18, 2012 Added by:Infosec Island Admin
ICSCERT has identified three technology deployment areas to evaluate when considering the upcoming EOL of XP SP3 across ICS environments. Applications installed on Windows XP SP3 operating system builds on standard IT equipment, including engineering workstations, HMI servers, historian systems, etc...
July 16, 2012 Added by:Shay Chen
There hasn't been any independent methodology for evaluating web application vulnerability scanners in a while. The following is a comprehensive guide for choosing the best scanner based on conclusions from the 2012 benchmark study - a comparison of 10 crucial aspects of 60 web application vulnerability scanners...
July 13, 2012 Added by:Infosec Island Admin
"Companies will be able to tailor these generic test criteria to their own systems. To make it an effective framework, we made sure that it contains consistent, repeatable tests they can run, producing documentation that contains adequate, accurate information regardless of the individual system..."
July 02, 2012 Added by:Ahmed Saleh
Your passwords should be treated as "high sensitive information", and you are responsible for taking the appropriate steps to select and secure this information. Information system users should be aware of the characteristics of weak and strong passwords in order to ensure adequate protection of their information...
June 28, 2012 Added by:Headlines
“The mission of the Alliance is to maximize buying power to improve the cyber security posture of governments and not-for-profits... to help organizations in the public sector procure solutions to address cyber security... [a] trusted environment public sector organizations can turn to for expert guidance..."
June 20, 2012 Added by:Infosec Island Admin
“Understanding risk means understanding the relationship between vulnerability (such as a system with a known but unaddressed weakness), threat (such as a bad actor propagating viruses or worms) and consequence (such as physical damage and loss of public safety). Simply understanding risks is just the first step"...
June 13, 2012 Added by:Infosec Island Admin
Credential caching should be disabled on all machines. A common technique employed by attackers is referred to as “pass the hash.” The pass the hash technique uses cached password hashes extracted from a compromised machine to gain access to additional machines on the domain...
June 07, 2012 Added by:Neira Jones
Not impressed with LinkedIn's social media crisis response? Whilst the draft NIST report SP 800-61 gives really good guidelines on fully and effectively communicating important information to the public, there is some mileage to be had by exploring the use of social media when tackling incident response...
June 06, 2012 Added by:Ben Rothke
One of the selling points around virtualization is its perceived added level of security. But virtualization, like any other piece of software can be implemented incorrectly, and itself have flaws. To secure virtualization effectively, one needs to understand how adversaries will attack an environment...
June 01, 2012 Added by:Infosec Island Admin
Preserving forensic data is an essential aspect of incident response. The data acquired during the process is critical to containing the intrusion and improving security to defend against the next attack. Network defenders should make note of the following recommendations for retention of essential forensic data...
May 21, 2012 Added by:Infosec Island Admin
Listed below are tips to protect your business, yourself and your family from various forms of Internet fraud. For information on the most common complaints and scams, see the annual reports of the Internet Crime Complaint Center a partnership of the FBI and the NWCCC...
May 18, 2012 Added by:Robert Siciliano
If your PC is bogged down with software and your desktop is jammed with icons and documents, then your PC is next to useless as a productivity tool. Even scarier is you have lost track of your files have sensitive information exposed. Follow these tips for a cleaner, faster machine...
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013