Blog Posts Tagged with "Standards"


The CERT Oracle Secure Coding Standard for Java

October 18, 2011 Added by:Ben Rothke

The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits...

Comments  (0)


Federal Cloud Technology Roadmap to be Introduced

October 18, 2011 Added by:Headlines

NIST’s role is to help accelerate the secure and effective adoption of cloud computing. The agency leads efforts to develop standards and guidelines and advance cloud computing technology in collaboration with standards bodies, businesses, and government agencies...

Comments  (0)


SOC 2 for Cloud Computing

October 09, 2011 Added by:Chris Schellman, CPA, CISSP, PCI QSA

SOC 2 reports allow cloud providers to communicate information about their services and the suitability of the design and operating effectiveness of their controls to prospective and existing customers in a well-known format that is nearly identical to an SSAE 16 report...

Comments  (2)


Why Data Centers Need SSAE 16

September 29, 2011 Added by:Chris Schellman, CPA, CISSP, PCI QSA

SSAE 16 is one of the most widely known tools for providing assurances to data center customers. Yet, a myth that the SSAE 16 standard is not applicable to the industry persists. Data center providers have no choice but to arm themselves with the following facts about SSAE 16 applicability...

Comments  (4)


NIST Releases Secure Cloud Computing Guidelines

September 15, 2011 Added by:Headlines

NIST is responsible for accelerating the federal government’s secure adoption of cloud computing by leading efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector and other stakeholders, including federal agencies...

Comments  (0)


U.S. - E.U. Collaborate on Smart Grid Standards

September 14, 2011 Added by:Headlines

"The potential benefits of Smart Grids are enormous, they can only be fully reached if we can all agree on global solutions. It is promising to see that NIST and SG-CG will be supporting common positions and areas of collaboration to ensure a consistent set of international standards..."

Comments  (0)


Seven Areas of Concern With Cloud Security

August 18, 2011 Added by:Brent Huston

Opportunities abound for those who desire to guide cloud computing. Those concerned with keeping cloud computing an open system drafted an Open Cloud Manifesto, asking that a straightforward conversation needs to occur in order to avoid potential pitfalls...

Comments  (0)


Improving the IT Security Industry – A Top-Down Effort

August 10, 2011 Added by:Don Eijndhoven

Compared to other industries, mistakes made by IT personnel aren't always obvious. Systems may keep on working and may even work properly when it's poorly configured. If a system does crash, it's often very hard to quantify exactly how much damage there is and what it has cost the company...

Comments  (2)


Standards Will Bring Mobile Payment Security

August 09, 2011 Added by:Robert Siciliano

The mobile carriers want to control near-field communication and mobile payment fees by maintaining control over the phone's payment technology containing their users’ credentials. Meanwhile, consumers crave mobile payment and must adapt until the big guys fight it out to see who ends up top dog...

Comments  (2)


My Canons on (ISC)² Ethics - Such as They Are

July 25, 2011 Added by:security curmudgeon

In the email thread between ISC2 general counsel Dorsey Morrow and CISSP holder Boris Sverdlik, one of the replies from Morrow was unbelievable. Not only is the email negligent and libelous, it demonstrates unprofessional behavior and a serious lack of knowledge...

Comments  (17)


PCI Compliance Scam? You Tell Me...

July 25, 2011 Added by:PCI Guru

These sorts of actions by organizations just add fuel to the fire for critics to use as another argument as to why the PCI compliance programs are pointless and organizations should not bother with complying with any of the PCI standards...

Comments  (0)


On Romulan Ale and Bird of Prey Malware

July 20, 2011 Added by:Vulcan Mindm3ld

Defenders are bound by a set of processes and procedures. An organization’s inflexibility in deviating from them compounds the problems. Many changes are often rejected on the basis of economic concerns. The majority are focusing on useless security guidelines such as the DISA PDI GEN001280...

Comments  (2)


DoC Presents a Security Plan for the Rest of Us

June 22, 2011 Added by:Jay Bavisi

We need to identify what is a best practice using currently available standards, and build a framework that allows us to follow this “code of conduct” in an automated way that provides a continuous flow of security, and can pinpoint failures in our security policies in real time...

Comments  (0)


Security - Stupid Is As Stupid Does

June 12, 2011 Added by:J. Oquendo

With so much being spent on security - Firewalls, Intrusion Detection Systems, Intrusion 'Prevention' Systems, Intrusion 'Tolerance' Systems, Data Loss Prevention, Certified Security Professionals, Standards, Guidelines, and the list goes on, why are these companies failing?

Comments  (18)


The NIST EMAP is Out

June 11, 2011 Added by:Anton Chuvakin

The Event Management Automation Protocol (EMAP) is a suite of interoperable specifications designed to standardize the communication of event management data. EMAP is an emerging protocol within the NIST Security Automation Program, and is a peer to similar automation protocols...

Comments  (0)


Commerce Department Calls for Security Code of Conduct

June 09, 2011 Added by:Headlines

"A key role for government is to assist industry in developing these voluntary codes of conduct. These codes of conduct should aim to unify various technical standards that currently exist and identify a broad set of responsibilities that industry members can use as a baseline..."

Comments  (0)
