Blog Posts Tagged with "Guidelines"
FBI Guidance of Combating the Insider Threat
May 15, 2012 Added by:Infosec Island Admin
The thief who is harder to detect and who could cause the most damage is the insider — the employee with legitimate access. They may steal solely for personal gain or be a “spy”—someone who is stealing company information or products in order to benefit another organization or country...
Comments (0)
ICS-CERT: Getting Started Securing Industrial Assets
May 04, 2012 Added by:Infosec Island Admin
Over the past year significant discoveries in the areas of adversarial capabilities have identified that many companies across the 18 critical infrastructure and key resources (CIKR) are struggling to cope with the growing threats. Efforts have been taken to defend critical assets...
Comments (0)
Guide to the OWASP Application Security Top Ten
May 01, 2012 Added by:Fergal Glynn
Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public...
Comments (0)
Duty to Authenticate Identity: Online Banking Breach Lawsuits
April 27, 2012 Added by:David Navetta
The attenuated nature of online relationships creates an opportunity for criminals to steal or spoof online identities and use them for monetary gain. The ability of one party to authenticate the identity of the other party in an online transaction is of key importance...
Comments (0)
NIST: Technical Guidance for Evaluating Electronic Health Records
April 03, 2012 Added by:Infosec Island Admin
“This guidance can be a useful tool for EHR developers to demonstrate that their systems don’t lead to use errors... It will provide a way for developers and evaluators to objectively assess how easy their EHR systems are to learn and operate, while maximizing efficiency...”
Comments (0)
NIST Draft Addresses Security Threats and Privacy Controls
March 07, 2012 Added by:David Navetta
NIST notes that many of the changes were driven by particular security issues and challenges requiring greater attention, including insider threats, mobile and cloud computing, application security, firmware integrity, supply chain risk, and advanced persistent threats...
Comments (0)
Secure Now or Forever...
February 25, 2012 Added by:Pamela Gupta
Traditional access control is simple, but permission-based access has become challenging – applications that request the user’s permission to access sensitive data explicitly. We are expecting users to be system administrators without adequate training, which is not feasible...
Comments (0)
NLRB Issued Second Report on Social Media Enforcement
February 17, 2012 Added by:David Navetta
As we have previously noted in prior posts about the NLRB’s social media enforcement actions, employers should carefully review and adjust their social media policies and practices in light of the NLRB’s guidance and enforcement...
Comments (0)
NIST Finalized Guidelines for Security in the Cloud
February 13, 2012 Added by:David Navetta
According to NIST, SP 800-144 is geared for those involved in cloud computing initiatives; security personnel responsible for security and privacy measures for cloud computing; system and network administrators; and users of public cloud computing services...
Comments (0)
Metasploit: The Penetration Tester's Guide
January 30, 2012 Added by:Ben Rothke
The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing...
Comments (1)
NIST Draft Guidance for Monitoring IT System Security
January 26, 2012 Added by:Headlines
Three new draft reports published by the NIST are designed to help both public and private organizations improve the security of their information management systems by developing capabilities for continuous monitoring of security...
Comments (0)
OTA: 2012 Data Protection and Breach Readiness Guide
January 24, 2012 Added by:Headlines
In 2011, over 558 incidents were reported at a cost to U.S. businesses of more than $6.5 billion. It is estimated over 50% were a result of server exploits, of which 96% were avoidable if the recommendations outlined in the OTA report had been implemented...
Comments (0)
IC3: Recovery from the Malicious Erasure of Files
January 23, 2012 Added by:Headlines
Cyber criminals can damage a victim's computer by changing or deleting files, wiping hard drives, or erasing backups to hide some or all of their malicious activity and tradecraft. The FBI and DHS encourage businesses and individuals to employ these mitigation strategies...
Comments (0)
WOMMA Releases Social Media Marketing Privacy Guidelines
January 19, 2012 Added by:Headlines
WOMMA applauds the FTC's efforts at making transparency a key point. While it is not yet clear what effect these developments have had on the online marketing industry - we appreciate the agency's efforts to allow industry leaders to develop self-regulatory initiatives...
Comments (0)
FFIEC Banking Security Guidelines In Effect Soon
January 05, 2012 Added by:Robert Siciliano
The FFIEC updated security guidelines go into effect in less than a month. It is imperative that financial institutions recognize that the security precautions currently in place are ineffective in the face of new, more sophisticated attacks...
Comments (0)
Government Can Save Millions Reforming Security Policy
December 30, 2011 Added by:Headlines
“The members all share the same belief that these inefficiencies can be greatly reduced. By taking action now we can conserve our resources and ensure our capacity for critical national security activities in the future...”
Comments (0)