Blog Posts Tagged with "Standards"

NIST Finalized Guidelines for Security in the Cloud

February 12, 2012 Added by: David Navetta

According to NIST, SP 800-144 is geared for those involved in cloud computing initiatives; security personnel responsible for security and privacy measures for cloud computing; system and network administrators; and users of public cloud computing services...

Comments  (0)

Encryption: On Hashing Basics

February 08, 2012 Added by: PCI Guru

Never store the obscured value along with the truncated value. Always separate the two values and also implement security on the obscured value so that people cannot readily get the obscured value and the truncated value together without oversight and management approval...

Comments  (0)

Incident Response: Have You Got a Plan?

February 06, 2012 Added by: Neira Jones

We should always aim to reduce the frequency of security incidents by effectively securing networks, systems, applications and have the appropriate policies and processes in place, and the NIST report helps in providing guidelines on responding to incidents effectively...

Comments  (0)

Hacking Satellite Communications

February 06, 2012 Added by: Pierluigi Paganini

We must consider that compromised satellites are a serious risk, that the exposure could affect communications in the business and military sectors, and could also cause the loss of sensitive and strategic technological information...

Comments  (5)

DMARC Email Authentication Work Group Launched

January 31, 2012 Added by: Headlines

The group's work includes a draft specification that helps create a feedback loop between legitimate email senders and receivers to make impersonation more difficult for phishers trying to send fraudulent email...

Comments  (0)

A Failed Attempt at Optimizing an Infosec Risk Assessment

January 28, 2012 Added by: Bozidar Spirovski

Having a standardized method for risk assessment in infosec based on hard numbers would be great. But since the factors included in any incident are complex and varying, and consistent incident reporting is impossible, we will be sticking to the current qualitative methods...

Comments  (3)

NIST Workshop to Support Trusted IDs in Cyberspace

January 27, 2012 Added by: Headlines

The workshop will focus on how technologies and standards can help the framework of the Identity Ecosystem coalesce. As envisioned by the NSTIC, the Identity Ecosystem is a user-centric online environment—a set of technologies, policies and agreed upon standards...

Comments  (0)

Encryption Basics: It's Not a Mystical Science

January 25, 2012 Added by: PCI Guru

Regardless of the algorithm used, they are not perfect. Over time, encryption algorithms are likely to be shown to have flaws or be breakable. Some flaws may be annoyances that you can work around or you may have to accept some minimal risk of their continued use...

Comments  (0)

ISO 27001 and HITRUST for Healthcare Organizations

January 23, 2012 Added by: John Verry

HITRUST provides a prescriptive set of controls that are mapped and referenced to standards and regulations relevant to healthcare. The idea is to simplify the process of becoming largely compliant with relevant laws and regulations and mitigating most risks...

Comments  (0)

SSAE 16 is NOT SOC 2

December 22, 2011 Added by: david barton

Just when I thought things were getting better, along comes a press release that is wrong on so many levels I don’t even know where to begin. First, SSAE 16 is not a certification. Secondly, SOC 2 is totally unrelated to SSAE 16, which is specific guidance for conducting SOC 1 reviews...

Comments  (2)

NIST Revision Expands Government Authentication Options

December 16, 2011 Added by: Headlines

"Changes made to the document reflect changes in the state of the art. There are new techniques and tools available to government agencies, and this provides them more flexibility in choosing the best authentication methods for their individual needs, without sacrificing security..."

Comments  (0)

NICE Seeks Feedback on Cybersecurity Workforce Framework

December 05, 2011 Added by: Headlines

"Establishing and using a unified framework for cybersecurity work and workers is not merely practical but vital to the nation's cybersecurity. Much as other professions have defined their specialties, it is now time to forge a common set of definitions for the cybersecurity workforce..."

Comments  (1)

Utility Cyber Security is in a State of Near Chaos

November 16, 2011 Added by: Headlines

"Utility cyber security is in a state of near chaos. After years of vendors selling point solutions, utilities investing in compliance minimums rather than full security, and attackers having nearly free rein, the attackers clearly have the upper hand..."

Comments  (0)

NICE Issues Cybersecurity Workforce Framework

November 09, 2011 Added by: Headlines

The framework organizes cybersecurity work into high-level categories ranging from the design, operation and maintenance of cybersecurity systems to incident response, information gathering and analysis. The document is meant to define professional requirements in cybersecurity...

Comments  (0)

IEEE Addresses SCADA Security Standard Challenges

November 08, 2011 Added by: Headlines

"As the rate of bolder, more sophisticated cyber attacks continues to spiral upward, ensuring data integrity and security has become increasingly challenging. By necessity, preventing unauthorized intrusion into critical systems has become a top priority..."

Comments  (0)

NIST Updates Smart Grid Framework Standards

November 08, 2011 Added by: Headlines

"Making such dramatic changes to the power grid requires an overarching vision of how to accomplish the task, and this updated Framework advances that vision. Utilities, manufacturers, equipment testers and regulators will find essential information... that was not previously available..."

Comments  (0)
