Latest Files for Download
The Revised Cybersecurity Act of 2012
July 20, 2012
"Critical infrastructure is increasingly vulnerable to cyber threats... The destruction or exploitation of critical infrastructure through a cyber attack, whether a nuclear power plant, a region’s water supply, or a major financial market, could cripple our economy, our national security... We must act now..."
Comments (1)
Making Your Security Configuration Data a Business Enabler
July 18, 2012
When organizations invest in developing security configurations for systems in their various data centers, they want to know that progress is being made toward their implementation. Executive staff needs high-level evidence of this, while system operators need detailed information that shows system shortcomings...
Comments (0)
NIST Recommendations for Cryptographic Key Management
July 17, 2012
Developers are presented with many choices in their use of cryptographic mechanisms. Inappropriate choices may result in an illusion of security, but little or no real security for the application. This Recommendation provides information and establishes frameworks to support appropriate decisions...
Comments (0)
GAO: Aligning Electronic and Cyber Warfare Operations
July 16, 2012
DOD has taken steps to address a critical electronic warfare management gap, but it has not established a departmentwide governance framework for electronic warfare. DOD’s oversight of electronic warfare capabilities may be further complicated by its evolving relationship with computer network operations...
Comments (0)
NIST Guidelines for Securing Mobile Devices in the Enterprise
July 11, 2012
The purpose of this publication is to help organizations centrally manage and secure mobile devices against a variety of threats. This publication provides recommendations for selecting, implementing, and using centralized management technologies, and it explains the security concerns inherent in mobile device use...
Comments (0)
System State Intelligence Puts Security in Your Control
July 11, 2012
Most security teams try to protect their technology infrastructure and data by catching the bad guys in the act. They sift through billions of lines of network and log data each day looking for atypical behavior and attack signatures. They also try to protect a perimeter that no longer exists...
Comments (0)
ENISA Report: Ten Smart Grid Security Recommendations
July 10, 2012
By making energy distribution more efficient, smart grids give clear benefits to users, electricity suppliers, grid operators, and society as a whole. At the same time, their dependency on computer networks and Internet makes our society more vulnerable to cyber-attacks, with potentially devastating results...
Comments (0)
ICS-CERT Incident Response Summary Report
July 05, 2012
DHS Control Systems Security Program operates ICS-CERT to provide focused operational capabilities for defense of control system environments against emerging cyber threats. This report provides a summary of cyber incidents, onsite deployments, and associated findings from 2009 through the end of 2011...
Comments (0)
Electricity Subsector Cybersecurity Capabilities Maturity Model
July 03, 2012
The goal of the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) is to support ongoing development and measurement of cybersecurity capabilities within the electricity subsector. The model was developed to apply to all electric utilities, regardless of ownership structure, size, or function...
Comments (0)
GAO: Cyber Threats Facilitate Economic Espionage
June 29, 2012
The magnitude of the threat is compounded by the ever-increasing sophistication of cyber attack techniques... that may combine multiple techniques... Threat actors may target individuals and businesses, resulting in, among other things, loss of sensitive personal or proprietary information...
Comments (0)
ENISA Report Calls for Kick-Start in Cyber Insurance Market
June 29, 2012
The report, ‘Incentives and barriers to the cyber insurance market in Europe,’ highlights the fact that while cyber security is an important concern for policy makers, businesses and citizens, traditional coverage offered by insurance providers may not comprehensively address digital risk...
Comments (0)
Automated Vulnerability Assessments are not Enough
June 26, 2012
What we really need is a holistic approach to detect/validate vulnerabilities besides determining if the system complies with IS policies. An IS audit needs to be added to our set of activities to perform a complete security assessment. Let’s start by describing the IS Audit process from the very beginning...
Comments (0)
International Coalition Issues Cybersecurity Policy Principles
June 26, 2012
"Policymakers are keenly focused on the development of smart, effective, robust cyber defenses... The tech sector wants to ensure that the digital world’s foundation of openness and collaboration is not lost to a well-intentioned but poorly constructed international patchwork of cyber defenses"...
Comments (0)
The DOD's Mobility Device Strategy Released
June 20, 2012
“This strategy is not simply about embracing the newest technology - it is about keeping the DoD workforce relevant in an era when information and cyberspace play a critical role in mission success," said Teri Takai, Department of Defense chief information officer...
Comments (0)
NIST Guide to Bluetooth Security Final Version
June 15, 2012
The Guide to Bluetooth Security describes the security capabilities of technologies based on Bluetooth, an open standard for short-range radio frequency communication, and gives recommendations to organizations on securing their devices effectively....
Comments (0)
ENISA Report: The Threat from Flamer
June 12, 2012
Flamer, according to technical analyses of various security teams, is a stealthy information stealer hitting hundreds of targeted PC users across the Middle East. However, it should not be dismissed on the grounds of geography or numbers affected. ENISA has published an analysis of the threat...
Comments (0)
- The Cyber Car: The Intimate Tango of the 21st Century
- Adylkuzz: WannaCry’s Older and More Devious Cousin
- Cloud Control: Key Points to Consider When Going to the Cloud
- WannaCry Shows World the Need for Endpoint Security
- The Administrative Credentials Security Hole
- Reducing Identity-related Risks: The Complete Package or a One-Man Show?
- Live Webinar: Combining Pen Testing & Incident Detection
- SAP Cyber Threat Intelligence Report – May 2017
- Convenience vs. Control: Achieving the Right Security Balance
- The Enterprise IoT Security Checklist for Today - and Tomorrow