Blog Posts Tagged with "NIST"
Encryption Key Management Primer – Requirement 3.6
February 23, 2012 Added by: PCI Guru
Requirement 3.6.4 always seems to be a sticking point because people get caught up in the key expiration concept. The thing to remember is that whether or not a key expires is typically related to the encryption algorithm such as for those using public key infrastructure...
NIST Pursues Health Record System Usability Testing
February 22, 2012 Added by: Infosec Island Admin
The National Institute of Standards and Technology (NIST) seeks manufacturers of electronic health record (EHR) systems to participate in a research effort to develop methods for assessing the usability of health information systems...
NIST Cybersecurity for Cyber-Physical Systems Workshop
February 14, 2012 Added by: Infosec Island Admin
The NIST ITL Computer Security Division will host a two-day workshop about the cyber security needed for cyber-physical systems (CPSs), with a focus on results of research and real-world deployment experiences...
NIST Hosts Federal Infosec Educators Conference
February 13, 2012 Added by: Headlines
FISSEA is responsible for promoting cybersecurity awareness, training and education. The annual meeting is geared toward both new and seasoned security officers, IT managers, information security educators and researchers, cybersecurity trainers and teachers...
NIST Finalized Guidelines for Security in the Cloud
February 12, 2012 Added by: David Navetta
According to NIST, SP 800-144 is geared for those involved in cloud computing initiatives; security personnel responsible for security and privacy measures for cloud computing; system and network administrators; and users of public cloud computing services...
Incident Response and Risk Management Go Hand in Hand
February 12, 2012 Added by: Neira Jones
Residual risk is inevitable, so incident response becomes a crucial part of managing it. As the risk assessment identifies the assets critical to a business - threats, vulnerabilities and controls - so should the incident response plan concentrate on critical assets...
NIST Seeks Proposals to Improve Trust in Cyberspace
February 10, 2012 Added by: Headlines
The National Institute of Standards and Technology (NIST) launched a competition for pilot projects to accelerate progress toward improved systems for interoperable, trusted online credentials that go beyond simple user IDs and passwords...
Encryption: On Hashing Basics
February 08, 2012 Added by: PCI Guru
Never store the obscured value along with the truncated value. Always separate the two values and also implement security on the obscured value so that people cannot readily get the obscured value and the truncated value together without oversight and management approval...
Incident Response: Have You Got a Plan?
February 06, 2012 Added by: Neira Jones
We should always aim to reduce the frequency of security incidents by effectively securing networks, systems, applications and have the appropriate policies and processes in place, and the NIST report helps in providing guidelines on responding to incidents effectively...
Paper Clarifies PaaS for Federal IT Buyers
February 06, 2012 Added by: Kevin L. Jackson
“Whereas the first wave of cloud computing was about consolidating data centers, the PaaS wave is about consolidating applications. It will be a more complex ride, but the savings will be greater...”
NIST Workshop to Support Trusted IDs in Cyberspace
January 27, 2012 Added by: Headlines
The workshop will focus on how technologies and standards can help the framework of the Identity Ecosystem coalesce. As envisioned by the NSTIC, the Identity Ecosystem is a user-centric online environment—a set of technologies, policies and agreed upon standards...
NIST Draft Guidance for Monitoring IT System Security
January 26, 2012 Added by: Headlines
Three new draft reports published by the NIST are designed to help both public and private organizations improve the security of their information management systems by developing capabilities for continuous monitoring of security...
Encryption Basics: It's Not a Mystical Science
January 25, 2012 Added by: PCI Guru
Regardless of the algorithm used, they are not perfect. Over time, encryption algorithms are likely to be shown to have flaws or be breakable. Some flaws may be annoyances that you can work around or you may have to accept some minimal risk of their continued use...
NIST Guidelines: Protecting Computers at Start-Up
December 29, 2011 Added by: Headlines
SP 800-155 explains the fundamentals of BIOS integrity measurement to determine if the BIOS has been modified and how to report changes. The publication provides detailed guidelines to vendors that develop products to support secure BIOS integrity measurement mechanisms...
HIPAA Security Rule Toolkit Available from NIST
December 21, 2011 Added by: Headlines
"The NIST HIPAA Security Toolkit Application is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment..."
Chatting With An Auditor About Credit Union Compliance
December 16, 2011 Added by: Ed Moyle
Credit unions, by virtue of their regulatory context, have more "interpretive latitude" in how technical security controls get implemented. Meaning they should try on PCI compliance before calling out merchants - especially the big ones - for having it soft...