Latest Files for Download

Secure Communications for CERTs and Stakeholders

December 29, 2011

ENISA seeks to identify the most suitable technology and platform to provide secure channels to improve communications with CERTs and other stakeholders. Secure transportation of information assures some combination of confidentiality, integrity and authenticity of the data...

Comments  (0)

ENISA Releases Industrial Control Systems Security Report

December 19, 2011

"These systems have faced a notable number of incidents. These include the Stuxnet attack, believed to have used bespoke malware to target nuclear control systems in Iran, and the recent DuQu - ‘upgraded variant’ of this malware. These incidents caused great security concerns among ICS users..."

Comments  (0)

ENISA on Cyber Security: Future Challenges and Opportunities

December 13, 2011

Our society has become irreversibly dependent on Information and Communication Technologies (ICTs). Unfortunately, the adoption of them has been accompanied by the development of a new set of cyber threats which are developing in ever more rapid, sophisticated and sinister ways...

Comments  (0)

ENISA Report: Proactive Detection of Network Security Incidents

December 09, 2011

The report reveals that not all available tools are used by the "digital fire-brigades", the Computer Emergency Response Teams (CERTs), to effectively fight cyber threats. Therefore, the Agency issues 35 recommendations to data providers and consumers to mitigate the shortcomings...

Comments  (0)

ENISA Smartphone Secure Development Guidelines

December 07, 2011

This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work programme 2011. It is written for developers of smartphone apps as a guide to developing secure applications...

Comments  (0)

(Almost) All Your (BASE) Are Belong to Us!

December 01, 2011

The HTML element Cross Site Scripting (XSS) I will discuss abuses the "best practice" among web developers to use relative links and the tendency of web browsers to parse incorrect HTML. HTML tags are often used in XSS attacks by an attacker to inject dangerous JavaScript or HTML content...

Comments  (2)

Internet Security Alliance Endorses Cyber Security Legislation

November 18, 2011

"The House Cyber Security Task Force Report highlights the need to create a menu of economic incentives for the private sector to enhance its cyber security, rather than creating a large and unspecified regulatory apparatus at the Department of Homeland Security," Clinton said...

Comments  (0)

Tracking Performance of Software Security Assurance

October 19, 2011

This paper reveals the five SSA program KPIs, their methods of collection, their importance to the organization, and how to present them in a way that demonstrates measurable success of your security strategy, and sets the groundwork to advance beyond simple metrics...

Comments  (0)

A New Approach to Data Centric Security

October 18, 2011

Data has to be independently classified based on availability, integrity and confidentiality. It needs to be data centric, not focusing on the systems or databases so that while data “travels” through the infrastructure it will keep these attributes without relying on source systems...

Comments  (0)

ISA: Financial Management of Cyber Risk

October 04, 2011

ISA President Larry Clinton was joined by former ISA Chair Ty Sagalow, ISA Chief outside counsel Tom Jackson and Ed Stull from DCR in illustrating how and why cyber events are often misanalyzed by organizations leading to financial impacts which can also be underestimated...

Comments  (0)

The Leaking Vault 2011: Six Years of Data Breaches

September 15, 2011

The Leaking Vault 2011 presents data gathered from studying 3,765 publicly disclosed data breach incidents, and is the largest study of its kind to date. Information was gleaned from the organizations that track these events, as well as government sources...

Comments  (0)

Defending the Castle by Actively Abusing It

April 25, 2011

Contrary to popular belief, realistic “adversarial” testing can be accomplished in a responsible manner without the consequences of “bringing down the house”. Offered are arguments and counterpoints against organizational decisions that disallow certain types of testing...

Comments  (2)

Cyber Deterrence - Methods and Effectiveness

March 28, 2011

The term "Cyber Deterrence" is gaining traction lately, with regard to the act of deterring cyber attacks. I've seen at least one author (Richard Clarke) use it in his book about Cyber Warfare. In many cases the proponents of this term invoke existing Deterrence Strategies such as the MAD doctrine...

Comments  (0)

Cyberwarfare and Its Damaging Effects on Citizens

February 17, 2011

In order to analyze the real damage that a hypothetical cyberwar or individual act of cyberwarfare could do to the citizens of any nation coming under attack, it is fundamental to begin with some reflections which will help us reach a full understanding of the phenomenon and its related practical implications.

Comments  (1)

Beyond Due Diligence

October 21, 2010

Beyond Due Diligence (free PDF) is a reference and awareness guide for professional services providers, private equity investors, commercial lenders, industry senior management and Business Owners.

Comments  (1)

Justifying IT Security

September 21, 2010

One of the most difficult issues security managers have is justifying how they spend their limited budgets. For the most part, information security budgets are determined by percentages of the overall IT budget. This implies that security is basically a “tax” on IT, as opposed to providing value back to the organization. The fact is that security can provide value to the organization, if there...

Comments  (1)

