Latest Files for Download
Secure Communications for CERTs and Stakeholders
December 29, 2011
ENISA seeks to identify the most suitable technology and platform to provide secure channels to improve communications with CERTs and other stakeholders. Secure transportation of information assures some combination of confidentiality, integrity and authenticity of the data...
Comments (0)
ENISA Releases Industrial Control Systems Security Report
December 19, 2011
"These systems have faced a notable number of incidents. These include the Stuxnet attack, believed to have used bespoke malware to target nuclear control systems in Iran, and the recent DuQu -‘upgraded variant’ of this malware. These incidents caused great security concerns among ICS users..."
Comments (0)
ENISA on Cyber Security: Future Challenges and Opportunities
December 13, 2011
Our society has become irreversibly dependent on Information and Communication Technologies (ICTs). Unfortunately, the adoption of them has been accompanied by the development of a new set of cyber threats which are developing in ever more rapid, sophisticated and sinister ways...
Comments (0)
ENISA Report: Proactive Detection of Network Security Incidents
December 09, 2011
The report reveals that not all available tools are used by the ‘’digital fire-brigades’’, the Computer Emergency Response Teams (CERTs) to effectively fight cyber threats. Therefore, the Agency issues 35 recommendations to data providers and consumers to mitigate the shortcomings...
Comments (0)
ENISA Smartphone Secure Development Guidelines
December 07, 2011
This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work programme 2011. It is written for developers of smartphone apps as a guide to developing secure applications...
Comments (0)
(Almost) All Your (BASE) Are Belong to Us!
December 01, 2011
The HTML element Cross Site Scripting (XSS) I will discuss abuses the "best practice" among web developers to use relative links and the tendency of web browsers to parse incorrect HTML. HTML tags are often used in XSS attacks to an attacker inject dangerous javascript or html content...
Comments (0)
Internet Security Alliance Endorses Cyber Security Legislation
November 18, 2011
"The House Cyber Security Task Force Report highlights the need to create a menu of economic incentives for the private sector to enhance its cyber security, rather than creating a large and unspecified regulatory apparatus at the Department of Homeland Security," Clinton said...
Comments (0)
Tracking Performance of Software Security Assurance
October 19, 2011
This paper reveals the five SSA program KPIs, their methods of collection, their importance to the organization, and how to present them in a way that demonstrates measurable success of your security strategy, and sets the groundwork to advance beyond simple metrics...
Comments (0)
A New Approach to Data Centric Security
October 18, 2011
Data has to be independently classified based on availability, integrity and confidentiality. It needs to be data centric, not focusing on the systems or databases so that while data “travels” through the infrastructure it will keep these attributes without relying on source systems...
Comments (0)
ISA: Financial Management of Cyber Risk
October 04, 2011
ISA President Larry Clinton was joined by former ISA Chair Ty Sagalow, ISA Chief outside counsel Tom Jackson and Ed Stull from DCR in illustrating how and why cyber events are often misanalyzed by organizations leading to financial impacts which can also be underestimated...
Comments (0)
The Leaking Vault 2011: Six Years of Data Breaches
September 15, 2011
The Leaking Vault 2011 presents data gathered from studying 3,765 publicly disclosed data breach incidents, and is the largest study of its kind to date. Information was gleaned from the organizations that track these events, as well as government sources...
Comments (0)
Defending the Castle by Actively Abusing It
April 25, 2011
Contrary to popular belief, realistic “adversarial” testing can be accomplished in a responsible manner without the consequences of “bringing down the house". Offered are arguments and counterpoints against organizational decisions that disallow certain types of testing...
Comments (2)
Cyber Deterrence - Methods and Effectiveness
March 28, 2011
The term "Cyber Deterrence" is gaining traction lately, with regard to the act of deterring cyber attacks. I've seen at least one author (Richard Clarke) use it in his book about Cyber Warfare. In many cases the proponents of this term invoke existing Deterrence Strategies such as the MAD doctrine...
Comments (0)
Cyberwarfare and Its Damaging Effects on Citizens
February 17, 2011
In order to analyze the real damage that a hypothetical cyberwar or individual act of cyberwarfare could do to the citizens of any nation coming under attack, it is fundamental to begin with some reflections which will help us reach a full understanding of the phenomenon and its related practical implications.
Comments (1)
Beyond Due Diligence
October 21, 2010
Beyond Due Diligence (free PDF) is a reference and awareness guide for professional services providers, private equity investors, commercial lenders, industry senior management and Business Owners.
Comments (1)
Justifying IT Security
September 21, 2010
One of the most difficult issues security managers have is justifying how they spend their limited budgets. For the most part, information security budgets are determined by percentages of the overall IT budget. This implies that security is basically a “tax” on IT, as opposed to providing value back to the organization. The fact is that security can provide value to the organization, if there...
Comments (1)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!