Blog Posts Tagged with "Standards"


NIST Finalized Guidelines for Security in the Cloud

February 12, 2012 Added by:David Navetta

According to NIST, SP 800-144 is geared for those involved in cloud computing initiatives; security personnel responsible for security and privacy measures for cloud computing; system and network administrators; and users of public cloud computing services...

Comments  (0)


Encryption: On Hashing Basics

February 08, 2012 Added by:PCI Guru

Never store the obscured value along with the truncated value. Always separate the two values and also implement security on the obscured value so that people cannot readily get the obscured value and the truncated value together without oversight and management approval...

Comments  (0)


Incident Response: Have You Got a Plan?

February 06, 2012 Added by:Neira Jones

We should always aim to reduce the frequency of security incidents by effectively securing networks, systems, applications and have the appropriate policies and processes in place, and the NIST report helps in providing guidelines on responding to incidents effectively...

Comments  (0)


Hacking Satellite Communications

February 06, 2012 Added by:Plagiarist Paganini

We must consider that compromised satellites are a serious risk, that the exposure could affect communications in the business and military sectors, and could also cause the loss of sensitive and strategic technological information...

Comments  (5)


DMARC Email Authentication Work Group Launched

January 31, 2012 Added by:Headlines

The group's work includes a draft specification that helps create a feedback loop between legitimate email senders and receivers to make impersonation more difficult for phishers trying to send fraudulent email...

Comments  (0)


A Failed Attempt at Optimizing an Infosec Risk Assessment

January 28, 2012 Added by:Bozidar Spirovski

Having a standardized method for risk assessment in infosec based on hard numbers would be great. But since the factors included in any incident are complex and varying, and consistent incident reporting is impossible, we will be sticking to the current qualitative methods...

Comments  (3)


NIST Workshop to Support Trusted IDs in Cyberspace

January 27, 2012 Added by:Headlines

The workshop will focus on how technologies and standards can help the framework of the Identity Ecosystem coalesce. As envisioned by the NSTIC, the Identity Ecosystem is a user-centric online environment—a set of technologies, policies and agreed upon standards...

Comments  (0)


Encryption Basics: It's Not a Mystical Science

January 25, 2012 Added by:PCI Guru

Regardless of the algorithm used, they are not perfect. Over time, encryption algorithms are likely to be shown to have flaws or be breakable. Some flaws may be annoyances that you can work around or you may have to accept some minimal risk of their continued use...

Comments  (0)


ISO 27001 and HITRUST for Healthcare Organizations

January 23, 2012 Added by:John Verry

HITRUST provides a prescriptive set of controls that are mapped and referenced to standards and regulations relevant to healthcare. The idea is to simplify the process of becoming largely compliant with relevant laws and regulations and mitigating most risks...

Comments  (0)


SSAE 16 is NOT SOC 2

December 22, 2011 Added by:david barton

Just when I thought things were getting better, along comes a press release that is wrong on so many levels I don’t even know where to begin. First, SSAE 16 is not a certification. Secondly, SOC 2 is totally unrelated to SSAE 16, which is specific guidance for conducting SOC 1 reviews...

Comments  (2)


NIST Revision Expands Government Authentication Options

December 16, 2011 Added by:Headlines

“Changes made to the document reflect changes in the state of the art. There are new techniques and tools available to government agencies, and this provides them more flexibility in choosing the best authentication methods for their individual needs, without sacrificing security..."

Comments  (0)


NICE Seeks Feedback on Cybersecurity Workforce Framework

December 05, 2011 Added by:Headlines

"Establishing and using a unified framework for cybersecurity work and workers is not merely practical but vital to the nation's cybersecurity. Much as other professions have defined their specialties, it is now time to forge a common set of definitions for the cybersecurity workforce..."

Comments  (1)


Utility Cyber Security is in a State of Near Chaos

November 16, 2011 Added by:Headlines

"Utility cyber security is in a state of near chaos. After years of vendors selling point solutions, utilities investing in compliance minimums rather than full security, and attackers having nearly free rein, the attackers clearly have the upper hand..."

Comments  (0)


NICE Issues Cybersecurity Workforce Framework

November 09, 2011 Added by:Headlines

The framework organizes cybersecurity work into high-level categories ranging from the design, operation and maintenance of cybersecurity systems to incident response, information gathering and analysis. The document is meant to define professional requirements in cybersecurity...

Comments  (0)


IEEE Addresses SCADA Security Standard Challenges

November 08, 2011 Added by:Headlines

"As the rate of bolder, more sophisticated cyber attacks continues to spiral upward, ensuring data integrity and security has become increasingly challenging. By necessity, preventing unauthorized intrusion into critical systems has become a top priority..."

Comments  (0)


NIST Updates Smart Grid Framework Standards

November 08, 2011 Added by:Headlines

"Making such dramatic changes to the power grid requires an overarching vision of how to accomplish the task, and this updated Framework advances that vision. Utilities, manufacturers, equipment testers and regulators will find essential information... that was not previously available..."

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »