Items Tagged with "Guidelines"
Help Create an Easy to Use Open Source Risk Equation
October 09, 2012 Added by: Matt Neely
The information security industry has attempted to adapt existing Risk Management practices for the task of managing information security. Numerous frameworks have been devised over the years, including FAIR, OCTAVE, ISO 27001/27005 and NIST 800-53/NIST 800-39, just to name a few...
Federal CIO Council Releases BYOD Toolkit
September 19, 2012 Added by: David Navetta
The BYOD movement, barring a black swan event, is likely to continue to gather steam – though not without detractors. And as the Toolkit notes, BYOD remains a nascent movement with real concerns and numerous issues to be worked through, along with the establishment of new practices...
Tallinn Manual on International Law Applied to Cyber Warfare
September 06, 2012 Added by: Stefano Mele
The Tallinn Manual pays particular attention to international law governing the use of force as an instrument of national policy and laws regulating the conduct of armed conflict, also labeled the law of war, the law of armed conflict, or international humanitarian law...
New NIST Guidelines on Securing BIOS for Servers
August 24, 2012
The NIST is requesting comments on new draft guidelines for securing BIOS systems for server computers. BIOS Protection Guidelines for Servers is written for server developers and information system security professionals responsible for server security, secure boot processes and hardware security modules...
NIST: Updated Computer Security Incident Handling Guide
August 15, 2012
During the chaotic first minutes when a computer system is under attack, having a well-prepared incident response plan to follow ensures that steps occur in the correct order. The revised NIST guide provides instructions for new or well-established incident response teams to create a proper policy and plan...
NIST Guide to Intrusion Detection and Prevention Systems
August 02, 2012
This publication describes the characteristics of IDPS technologies and provides recommendations for designing, implementing, configuring, securing, monitoring, and maintaining them. The types of IDPS technologies are differentiated by the events that they monitor and the ways in which they are deployed...
NIST Draft Guide to Malware Incident Prevention and Handling
July 31, 2012
This publication provides recommendations for improving an organization’s malware incident prevention measures. It also gives extensive recommendations for enhancing an organization’s existing incident response capability so that it is better prepared to handle malware incidents, particularly widespread ones...
NIST: Guide to Rating Software Vulnerabilities from Misuse
July 29, 2012 Added by: Headlines
A new guide from the National Institute of Standards and Technology (NIST) describes a "scoring system" that computer security managers can use to assess the severity of security risks arising from software features that are designed under an assumption that users are operating these features as intended...
ICS-CERT: Windows XP Support End of Life
July 18, 2012 Added by: Infosec Island Admin
ICS-CERT has identified three technology deployment areas to evaluate when considering the upcoming EOL of XP SP3 across ICS environments. Applications installed on Windows XP SP3 operating system builds on standard IT equipment, including engineering workstations, HMI servers, historian systems, etc...
NIST Recommendations for Cryptographic Key Management
July 17, 2012
Developers are presented with many choices in their use of cryptographic mechanisms. Inappropriate choices may result in an illusion of security, but little or no real security for the application. This Recommendation provides information and establishes frameworks to support appropriate decisions...
A Step-by-Step Guide for Choosing the Best Scanner
July 16, 2012 Added by: Shay Chen
There hasn't been any independent methodology for evaluating web application vulnerability scanners in a while. The following is a comprehensive guide for choosing the best scanner based on conclusions from the 2012 benchmark study - a comparison of 10 crucial aspects of 60 web application vulnerability scanners...
NIST: Test Framework for Upgrading Smart Electrical Meters
July 13, 2012 Added by: Infosec Island Admin
"Companies will be able to tailor these generic test criteria to their own systems. To make it an effective framework, we made sure that it contains consistent, repeatable tests they can run, producing documentation that contains adequate, accurate information regardless of the individual system..."
NIST Guidelines for Securing Mobile Devices in the Enterprise
July 11, 2012
The purpose of this publication is to help organizations centrally manage and secure mobile devices against a variety of threats. This publication provides recommendations for selecting, implementing, and using centralized management technologies, and it explains the security concerns inherent in mobile device use...
ENISA Report: Ten Smart Grid Security Recommendations
July 10, 2012
By making energy distribution more efficient, smart grids give clear benefits to users, electricity suppliers, grid operators, and society as a whole. At the same time, their dependency on computer networks and Internet makes our society more vulnerable to cyber-attacks, with potentially devastating results...
Electricity Subsector Cybersecurity Capabilities Maturity Model
July 03, 2012
The goal of the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) is to support ongoing development and measurement of cybersecurity capabilities within the electricity subsector. The model was developed to apply to all electric utilities, regardless of ownership structure, size, or function...
Password Security: The Main Vein
July 02, 2012 Added by: Ahmed Saleh
Your passwords should be treated as "high sensitive information", and you are responsible for taking the appropriate steps to select and secure this information. Information system users should be aware of the characteristics of weak and strong passwords in order to ensure adequate protection of their information...




