Latest Files for Download
NIST Cloud Computing Guidelines on Security and Privacy
January 25, 2012
"Cloud computing and the other deployment models are a viable choice for many applications and services. However, accountability for security and privacy in cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill..."
Comments (0)
NIST Guidelines to Ensure Devices are Smart Grid Ready
January 24, 2012
Smart Grid technologies aim to transform the nation's aging power system into a network that integrates modern communication technologies with the power delivery infrastructure. Electrical devices will need to adhere to these standards if they are to function as desired...
Comments (0)
American Defense Operations and Cyberspace
January 24, 2012
"Space and cyberspace operations likely will commence well in advance of other operations. In fact, even in the absence of open conflict, operations to gain and maintain cyberspace superiority and space control will be continuous requirements..."
Comments (0)
ENISA Report on Trust and Reputation Models
January 23, 2012
Reputation systems are a key success factor of many websites, e.g. eBay, or Amazon, ranking hotels, films, or music, enabling users and customers to vote on products. However, by using reputation systems, citizens place themselves at additional risk...
Comments (0)
DHS to Take Over Pentagon Cyber Defense Program
January 19, 2012
The Joint Cybersecurity Services Pilot was designed to utilize NSA intelligence to protect information networks operated by companies in the Defense Industrial Base. The program shared emerging cyber threat data with defense contractors in an effort to better defend systems...
Comments (0)
CCSA Writing Competition for Cyber Conflict Case Studies
January 18, 2012
Case studies of particular quality may be considered for publication in future CCSA journals, an upcoming Comprehensive History of Cyber Conflict, or selected for presentation at a future cyber conflict history conference...
Comments (0)
DARPA Seeks Biometric Authentication Software Research
January 16, 2012
DARPA is seeking biometric authentication software research proposals for the Active Authentication Program that involve innovative biometric-based solutions that can be integrated into current DoD systems without the need for new hardware installations...
Comments (0)
Information Security and Data Protection in 2012
January 05, 2012
As we start 2012, we can expect to see a continuance of data breaches and increasing cyber attacks. It’s important for businesses and organizations to know what they need to be prepared for and to take steps to help minimize the threats that do not appear to be going away...
Comments (0)
Secure Communications for CERTs and Stakeholders
December 29, 2011
ENISA seeks to identify the most suitable technology and platform to provide secure channels to improve communications with CERTs and other stakeholders. Secure transportation of information assures some combination of confidentiality, integrity and authenticity of the data...
Comments (0)
ENISA Releases Industrial Control Systems Security Report
December 19, 2011
"These systems have faced a notable number of incidents. These include the Stuxnet attack, believed to have used bespoke malware to target nuclear control systems in Iran, and the recent DuQu -‘upgraded variant’ of this malware. These incidents caused great security concerns among ICS users..."
Comments (0)
ENISA on Cyber Security: Future Challenges and Opportunities
December 13, 2011
Our society has become irreversibly dependent on Information and Communication Technologies (ICTs). Unfortunately, the adoption of them has been accompanied by the development of a new set of cyber threats which are developing in ever more rapid, sophisticated and sinister ways...
Comments (0)
ENISA Report: Proactive Detection of Network Security Incidents
December 09, 2011
The report reveals that not all available tools are used by the ‘’digital fire-brigades’’, the Computer Emergency Response Teams (CERTs) to effectively fight cyber threats. Therefore, the Agency issues 35 recommendations to data providers and consumers to mitigate the shortcomings...
Comments (0)
ENISA Smartphone Secure Development Guidelines
December 07, 2011
This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work programme 2011. It is written for developers of smartphone apps as a guide to developing secure applications...
Comments (0)
(Almost) All Your (BASE) Are Belong to Us!
December 01, 2011
The HTML element Cross Site Scripting (XSS) I will discuss abuses the "best practice" among web developers to use relative links and the tendency of web browsers to parse incorrect HTML. HTML tags are often used in XSS attacks to an attacker inject dangerous javascript or html content...
Comments (0)
Internet Security Alliance Endorses Cyber Security Legislation
November 18, 2011
"The House Cyber Security Task Force Report highlights the need to create a menu of economic incentives for the private sector to enhance its cyber security, rather than creating a large and unspecified regulatory apparatus at the Department of Homeland Security," Clinton said...
Comments (0)
Tracking Performance of Software Security Assurance
October 20, 2011
This paper reveals the five SSA program KPIs, their methods of collection, their importance to the organization, and how to present them in a way that demonstrates measurable success of your security strategy, and sets the groundwork to advance beyond simple metrics...
Comments (0)
- Metasploitable: Gaining Root on a Vulnerable Linux System
- ICS-CERT: From the Trenches - A Tabletop Exercise
- Why Does Software Security Keep Falling off your Budget?
- Former DHS Director Sean Paul McGurk Joins ICS ISAC
- CISO 2.0: Enterprise Umpire or Wide Receiver?
- Dutch Military Intelligence Dives into Cyber
- Facebook "Like" Button = Privacy Violation + Security Risk
- Twitter Commits to Respecting Do Not Track with New Policy
- Hard Power, Soft Power, and the Power of Digital Espionage
- US vs. China: Is the Cyber Warfare Gap Increasing?