Blog Posts Tagged with "Standards"

The CERT Oracle Secure Coding Standard for Java

October 18, 2011 Added by: Ben Rothke

The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits...

Comments  (0)

Federal Cloud Technology Roadmap to be Introduced

October 18, 2011 Added by: Headlines

NIST’s role is to help accelerate the secure and effective adoption of cloud computing. The agency leads efforts to develop standards and guidelines and advance cloud computing technology in collaboration with standards bodies, businesses, and government agencies...

Comments  (0)

SOC 2 for Cloud Computing

October 09, 2011 Added by: Chris Schellman, CPA, CISSP, PCI QSA

SOC 2 reports allow cloud providers to communicate information about their services and the suitability of the design and operating effectiveness of their controls to prospective and existing customers in a well-known format that is nearly identical to an SSAE 16 report...

Comments  (2)

Why Data Centers Need SSAE 16

September 29, 2011 Added by: Chris Schellman, CPA, CISSP, PCI QSA

SSAE 16 is one of the most widely known tools for providing assurances to data center customers. Yet, a myth that the SSAE 16 standard is not applicable to the industry persists. Data center providers have no choice but to arm themselves with the following facts about SSAE 16 applicability...

Comments  (4)

NIST Releases Secure Cloud Computing Guidelines

September 15, 2011 Added by: Headlines

NIST is responsible for accelerating the federal government’s secure adoption of cloud computing by leading efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector and other stakeholders, including federal agencies...

Comments  (0)

U.S. - E.U. Collaborate on Smart Grid Standards

September 14, 2011 Added by: Headlines

"The potential benefits of Smart Grids are enormous, they can only be fully reached if we can all agree on global solutions. It is promising to see that NIST and SG-CG will be supporting common positions and areas of collaboration to ensure a consistent set of international standards..."

Comments  (0)

Seven Areas of Concern With Cloud Security

August 18, 2011 Added by: Brent Huston

Opportunities abound for those who desire to guide cloud computing. Those concerned with keeping cloud computing an open system drafted an Open Cloud Manifesto, asking that a straightforward conversation needs to occur in order to avoid potential pitfalls...

Comments  (0)

Improving the IT Security Industry – A Top-Down Effort

August 10, 2011 Added by: Don Eijndhoven

Compared to other industries, mistakes made by IT personnel aren't always obvious. Systems may keep on working and may even work properly when they're poorly configured. If a system does crash, it's often very hard to quantify exactly how much damage there is and what it has cost the company...

Comments  (2)

Standards Will Bring Mobile Payment Security

August 09, 2011 Added by: Robert Siciliano

The mobile carriers want to control near-field communication and mobile payment fees by maintaining control over the phone's payment technology containing their users’ credentials. Meanwhile, consumers crave mobile payment and must adapt until the big guys fight it out to see who ends up top dog...

Comments  (2)

My Canons on (ISC)² Ethics - Such as They Are

July 25, 2011 Added by: security curmudgeon

In the email thread between ISC2 general counsel Dorsey Morrow and CISSP holder Boris Sverdlik, one of the replies from Morrow was unbelievable. Not only is the email negligent and libelous, it demonstrates unprofessional behavior and a serious lack of knowledge...

Comments  (17)

PCI Compliance Scam? You Tell Me...

July 25, 2011 Added by: PCI Guru

These sorts of actions by organizations just add fuel to the fire for critics to use as another argument as to why the PCI compliance programs are pointless and organizations should not bother with complying with any of the PCI standards...

Comments  (0)

On Romulan Ale and Bird of Prey Malware

July 20, 2011 Added by: Vulcan Mindm3ld

Defenders are bound by a set of processes and procedures. An organization’s inflexibility in deviating from them compounds the problems. Many changes are often rejected on the basis of economic concerns. The majority are focusing on useless security guidelines such as the DISA PDI GEN001280...

Comments  (2)

DoC Presents a Security Plan for the Rest of Us

June 22, 2011 Added by: Jay Bavisi

We need to identify what is a best practice using currently available standards, and build a framework that allows us to follow this “code of conduct” in an automated way that provides a continuous flow of security, and can pinpoint failures in our security policies in real time...

Comments  (0)

Security - Stupid Is As Stupid Does

June 12, 2011 Added by: J. Oquendo

With so much being spent on security - Firewalls, Intrusion Detection Systems, Intrusion 'Prevention' Systems, Intrusion 'Tolerance' Systems, Data Loss Prevention, Certified Security Professionals, Standards, Guidelines, and the list goes on, why are these companies failing?

Comments  (18)

The NIST EMAP is Out

June 11, 2011 Added by: Anton Chuvakin

The Event Management Automation Protocol (EMAP) is a suite of interoperable specifications designed to standardize the communication of event management data. EMAP is an emerging protocol within the NIST Security Automation Program, and is a peer to similar automation protocols...

Comments  (0)

Commerce Department Calls for Security Code of Conduct

June 09, 2011 Added by: Headlines

"A key role for government is to assist industry in developing these voluntary codes of conduct. These codes of conduct should aim to unify various technical standards that currently exist and identify a broad set of responsibilities that industry members can use as a baseline..."

Comments  (0)
