Latest Files for Download
We Hope SOC 2 Fails...
June 11, 2012
SOC 2 has the potential to unify the risk assurance industry by consolidating multiple audits, standards, and compliance requirements under one umbrella engagement. However, if the market is allowed to define anything as internal controls over financial reporting (ICFR), SOC 2 is destined to fail...
Comments (0)
National Security Leaders Urge Passage of Cybersecurity Bill
June 11, 2012
“Given the time left in this legislative session and the upcoming election this fall, we are concerned that the window of opportunity to pass legislation that is in our view critically necessary to protect our national and economic security is quickly disappearing,” the letter states...
Comments (0)
DOE: Twenty-One Steps to Improve SCADA Security
June 05, 2012
Action is required by all organizations to secure their SCADA networks as part of the effort to protect the nation’s critical infrastructure. The President’s Critical Infrastructure Protection Board and the Department of Energy have developed steps to help organizations improve SCADA security...
Comments (0)
NIST: Cloud Computing Synopsis and Recommendations
June 05, 2012
This document reprises the definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations should consider the opportunities and risks of cloud computing...
Comments (0)
EWI: The Internet Health Model for Cybersecurity
June 04, 2012
“A public health model encompasses several interesting concepts that can be applied to internet security. As use and reliance on the Internet continues to grow, improving Internet health requires all ecosystem members to take a global, collaborative approach to protecting people from potential dangers online”...
Comments (0)
Cybersecurity Outlook: 2012 Summer Olympic Games
June 04, 2012
Scams, malware campaigns and attacks will continue to grow in scale and complexity as the 27 July opening ceremony in London draws near. Event organizers, sponsors and British authorities continue to increase their physical and cybersecurity awareness as the event approaches...
Comments (0)
ENISA: Inventory of CERT Activities in Europe
June 01, 2012
This document aims to provide an overview on the actual situation concerning CERT matters in Europe. It provides a list of response teams and similar facilities by country, but also contains a catalog of co-operation, support and standardization activities related to them....
Comments (0)
DHS: Enabling Distributed Security in Cyberspace
May 24, 2012
This discussion paper explores the idea of a healthy, resilient – and fundamentally more secure – cyber ecosystem of the future, in which cyber participants, including cyber devices, are able to work together in near‐real time to anticipate and prevent cyber attacks...
Comments (0)
Attack Surface: Medical Devices and the Public Health Sector
May 17, 2012
This bulletin highlights how the portability and remote connectivity of medical devices introduce additional risk into Medical IT networks and failure to implement a robust security program will impact the organization’s ability to protect patients and their information...
Comments (0)
China's Intelligence Apparatus: Implications for Foreign Firms
May 16, 2012
A business does not need to be located in the PRC to fall victim to espionage. This problem includes old fashioned spying outside of China, sometimes by a classic sleeper agents or by a PRC-owned or invested firm that assesses, develops, and recruits an agent inside your firm...
Comments (0)
IC3 Releases 2011 Internet Crime Report
May 11, 2012
“Internet crime is a growing problem that affects computer users around the world and causes significant financial losses. The IC3 is an efficient mechanism for the public to report suspicious e-mail activity, fraudulent websites, and Internet crimes..."
Comments (0)
ENISA: National Cyber Security Strategies Analysis
May 09, 2012
To assist in the important task of developing and maintaining a successful national cyber security strategy, ENISA is developing a Good Practice Guide which will present good practices and recommendations on how to develop, implement and maintain a cyber security strategy...
Comments (0)
DHS: National Preparedness Report and Cybersecurity
May 08, 2012
Cyber attacks have increased significantly in number and sophistication resulting in the Federal Government and private sector partners expanding their cybersecurity efforts. US-CERT reported an over 650-percent increase in the number of incidents reported by federal agencies...
Comments (0)
NIST: Strategies to Mitigate Risk in the Federal ICT Supply Chain
May 07, 2012
Federal systems are increasingly at risk to both intentional and unintentional security risks introduced into their supply chain. The document provides a set of 10 practices intended to help federal departments and agencies manage the risk associated with the ICT supply chain...
Comments (0)
NIST's Randomness Beacon Development
May 03, 2012
NIST is currently implementing and enhancing the Randomness Beacon. NIST will make the prototype available as a service to promote research, development, and demonstration of cryptographic security protocols that assume the availability of a trusted source of randomness...
Comments (0)
Advanced Methods of Bypassing Website Security
May 01, 2012
There are many methods of defense which admins use to block access to their sites or to the parts of the site's functionality. Among such methods there are use of CAPTCHAs and blocking by IP. But not all such methods are reliable enough, and there are ways to bypass them...
Comments (0)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox