Blog Posts Tagged with "NIST"
February 23, 2012 Added by: PCI Guru
Requirement 3.6.4 always seems to be a sticking point because people get caught up in the key expiration concept. The thing to remember is that whether or not a key expires is typically related to the encryption algorithm such as for those using public key infrastructure...
February 22, 2012 Added by: Infosec Island Admin
The National Institute of Standards and Technology (NIST) seeks manufacturers of electronic health record (EHR) systems to participate in a research effort to develop methods for assessing the usability of health information systems...
February 14, 2012 Added by: Infosec Island Admin
The NIST ITL Computer Security Division will host a two-day workshop about the cyber security needed for cyber-physical systems (CPSs), with a focus on results of research and real-world deployment experiences...
February 13, 2012 Added by: Headlines
FISSEA is responsible for promoting cybersecurity awareness, training and education. The annual meeting is geared toward both new and seasoned security officers, IT managers, information security educators and researchers, cybersecurity trainers and teachers...
February 12, 2012 Added by: David Navetta
According to NIST, SP 800-144 is geared for those involved in cloud computing initiatives; security personnel responsible for security and privacy measures for cloud computing; system and network administrators; and users of public cloud computing services...
February 12, 2012 Added by: Neira Jones
Residual risk is inevitable, so incident response becomes a crucial part of managing it. As the risk assessment identifies the assets critical to a business - threats, vulnerabilities and controls - so should the incident response plan concentrate on critical assets...
February 10, 2012 Added by: Headlines
The National Institute of Standards and Technology (NIST) launched a competition for pilot projects to accelerate progress toward improved systems for interoperable, trusted online credentials that go beyond simple user IDs and passwords...
February 08, 2012 Added by: PCI Guru
Never store the obscured value along with the truncated value. Always separate the two values and also implement security on the obscured value so that people cannot readily get the obscured value and the truncated value together without oversight and management approval...
February 06, 2012 Added by: Neira Jones
We should always aim to reduce the frequency of security incidents by effectively securing networks, systems and applications and having the appropriate policies and processes in place, and the NIST report helps in providing guidelines on responding to incidents effectively...
January 27, 2012 Added by: Headlines
The workshop will focus on how technologies and standards can help the framework of the Identity Ecosystem coalesce. As envisioned by the NSTIC, the Identity Ecosystem is a user-centric online environment—a set of technologies, policies and agreed upon standards...
January 26, 2012 Added by: Headlines
Three new draft reports published by the NIST are designed to help both public and private organizations improve the security of their information management systems by developing capabilities for continuous monitoring of security...
January 25, 2012 Added by: PCI Guru
Regardless of the algorithm used, they are not perfect. Over time, encryption algorithms are likely to be shown to have flaws or be breakable. Some flaws may be annoyances that you can work around or you may have to accept some minimal risk of their continued use...
December 29, 2011 Added by: Headlines
SP 800-155 explains the fundamentals of BIOS integrity measurement to determine if the BIOS has been modified and how to report changes. The publication provides detailed guidelines to vendors that develop products to support secure BIOS integrity measurement mechanisms...
December 21, 2011 Added by: Headlines
"The NIST HIPAA Security Toolkit Application is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment..."
December 16, 2011 Added by: Ed Moyle
Credit unions, by virtue of their regulatory context, have more "interpretive latitude" in how technical security controls get implemented. Meaning they should try on PCI compliance before calling out merchants - especially the big ones - for having it soft...