Blog Posts Tagged with "NIST"
Detailed FISMA Logging Guidance
April 14, 2011 Added by:Anton Chuvakin
FISMA emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to secure the information systems that support its operations and assets. Here is what is likely needed for a successful FISMA-driven log management implementation...
Comments (0)
Next Generation Power Grid Security
March 22, 2011 Added by:Ben Rothke
With the benefits of AMI come security and privacy issues, and those open the metering infrastructure to thieves, stalkers, and a range of other threats. AMI also opens up a new set of privacy issues in that the AMI devices will be collecting significant amounts of personal energy data...
Comments (0)
Complete PCI DSS Log Review Procedures Part 18 FINAL
March 22, 2011 Added by:Anton Chuvakin
For log exceptions copied from log aggregation tool or from the original log file, make sure that the entire log is copied, especially its time stamp, which is likely to be different from the time of this record, and the system from which it came from - what/when/where, etc...
Comments (0)
Do You Know About Heavyweight NERC CIP 011-1?
March 13, 2011 Added by:Ron Lepofsky
Electrical utilities are already challenged with the process of becoming certified for compliance with the NERC CIP standard for IT security. The NERC CIP standard is evolving, thank goodness. Perhaps you haven’t noticed the innocuous sounding proposed new standard now in the creation process...
Comments (2)
On Cloud Logging Standards and Unique IDs
March 07, 2011 Added by:Anton Chuvakin
Cloud computing, as defined by NIST, has inherent multi-tenancy, elasticity, immediate provisioning and other fun properties, not found in traditional applications and platforms – whether distributed or not. All of these happen to affect accountability, auditability and transparency...
Comments (0)
Federal Cloud Computing Strategy Officially Launched
February 20, 2011 Added by:Kevin L. Jackson
Cloud computing allows the Federal Government to use its IT investments in a more innovative way and to adopt innovations from the private sector. Cloud computing will also help IT services take advantage of leading-edge technologies including devices such as tablet computers and smart phones...
Comments (0)
Department of Energy Takes on Smart Grid Security
February 19, 2011 Added by:David Navetta
The core team has invited stakeholders from across the utility sector to participate in the initiative, including representatives from the Federal Energy Regulatory Commission, the Department of Homeland Security, and both publicly and privately-owned utilities...
Comments (1)
More On The Cloud And PCI Compliance
January 28, 2011 Added by:PCI Guru
PCI DSS can be applied to “the cloud” in its existing form. Then where is the problem? The first problem with “the cloud” is in defining “the cloud.” If you were to ask every vendor of cloud computing to define “the cloud,” I will guarantee you will get a unique answer from each vendor asked...
Comments (1)
NIST Launches Cloud Computing Collaboration Twiki
January 10, 2011 Added by:Kevin L. Jackson
The National Institute of Standards and Technology (NIST) has been designated by Federal Chief Information Officer Vivek Kundra to accelerate the federal government’s secure adoption of cloud computing by leading efforts to develop standards and guidelines..
Comments (1)
National Defense Authorization Act Omits Cybersecurity
December 22, 2010 Added by:Headlines
The omitted language includes the creation of White House based office to coordinate cybersecurity efforts and the creation of a Federal Cybersecurity Practice Board to enforce Federal Information Security Management Act compliance and implementation of NIST recommendations...
Comments (0)
NIST Moves Forward on Cloud Computing
November 13, 2010 Added by:Kevin L. Jackson
The National Institute of Standards and Technology (NIST) held their second Cloud Computing Forum and Workshop. Of particular note was the cloud computing simulation model project known as Koala that focuses on the behavior of infrastructure-as-a-service cloud systems. Other highlights included...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)