Latest Files for Download

7fef78c47060974e0b8392e305f0daf0

NIST Draft: Designing Cryptographic Key Management Systems

April 23, 2012

This Framework for Designing Cryptographic Key Management Systems (CKMS) contains topics that should be considered by a CKMS designer when developing a CKMS design specification. NIST requests comments on the publication...

Comments  (0)

1a490136c27502563c62267354024cd5

Understanding CSRF Attacks on Network Devices

April 19, 2012

Similar to vulnerabilities in applications on websites, there are also vulnerabilities in the admin panels of different network devices, including Cross-Site Request Forgery(CSRF)vulnerabilities where hackers attack users who have access to those network devices...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

NIST: Proposed Changes for Digital Signature Standard

April 19, 2012

The proposed revisions provide clarification on how to implement the digital signature algorithms approved in the standard: the Digital Signature Algorithm (DSA), the Elliptic Curve Digital Signature Algorithm (ECDSA) and the Rivest-Shamir-Adelman algorithm (RSA)...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

NIST Workshop: Cybersecurity for Cyber-Physical Systems

April 18, 2012

On April 23 and 24, 2012, the NIST ITL Computer Security Division will host a two-day workshop about the cyber security needed for cyber-physical systems, with a focus on results of research and real-world deployment experiences. Agenda and abstracts available here...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ENISA: Guidelines for Monitoring Cloud Computing Contracts

April 05, 2012

Cloud computing services are increasingly important for governments and businesses, and information security is a key pain-point. To help solve this problem ENISA released a guide focusing on continuous security monitoring throughout the life-cycle of a cloud contract...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ENISA Calls for Permanent Stakeholders’ Group Experts

April 03, 2012

The Permanent Stakeholders’ Group will be composed of leading experts in network and information security representing relevant stakeholders, such as information and communication technologies industry, consumer and user organizations, as well as academic and research institutions...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

GAO Report: IT Supply Chain Security Risks

March 30, 2012

The exploitation of information technology (IT) products and services through the global supply chain is an emerging threat that could degrade the confidentiality, integrity, and availability of critical and sensitive agency networks and data...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ENISA: Study on Data Collection and Storage

March 27, 2012

Given the contrast between the importance of the privacy by design principle and the reality of lax data protection practices with many service providers, the aim of this study is to present an analysis of the relevant legal framework on the principles of minimal disclosure...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Offensive Threat Modeling for Attackers: The Determined Attacker

March 23, 2012

Information security teams have gotten good at deterring or catching the 'script kiddie' or novice attacker and claiming victory and success. This clearly isn't enough as the world evolves and the threats to your organization evolve with it...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ENISA: An Economic Model for Pricing Personal Information

March 23, 2012

The main goal of this report is to enable a better understanding of the interaction of personalization, privacy concerns and competition between online service providers. Consumers benefit from personalization of products on the one hand, but might be locked in to services on the other...

Comments  (0)

1a490136c27502563c62267354024cd5

Network Footprinting: Finding Your Target

March 21, 2012

Network footprinting is perhaps the first active step in the recognizance phase of an external network security engagement. This phase is often highly automated and the techniques can be easily applied in a general fashion across a broad range of targets...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

NIST Guidance on Wireless Local Area Network Security

March 14, 2012

NIST has released a guide for enhanced security for wireless local area networks (WLAN) which provides recommendations on standardizing WLAN security configurations including configuration design, implementation, evaluation and maintenance and monitoring tools...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

INSA Report: Cloud Computing for the Intelligence Community

March 13, 2012

The INSA white paper provides critical analysis of current cloud computing adoption best practices, and discusses potential cost savings, likely impacts on government organizational culture, potential deployment models and necessary security measures...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT Monthly Monitor Report for February 2012

March 12, 2012

In January, ICS-CERT identified and responded to a cyber intrusion into a building Energy Management System used to control heating and cooling for a state government facility. The incident was identified by ICS-CERT after correlating information posted in open sources...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

NIST Releases Framework for Smart Grid Standards

March 08, 2012

Cybersecurity is now expanded to address the following: combined power systems, information technology and communication systems in order to maintain the reliability, the physical security of all components, and the reduced impact of coordinated cyber-physical attacks...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

A Quick Look at Spear Phishing via SurveyMonkey

March 05, 2012

Many people who respond to these surveys are oblivious to what is going on and think that their answers are confidential. That may be the case with a legitimate survey, except when a phisher is using the system. Here is a quick example of how this attack is conducted...

Comments  (0)


« < | 2 - 3 - 4 - 5 - 6 | > »