Items Tagged with "Guidelines"
Guide to the OWASP Application Security Top Ten
May 01, 2012 Added by: Fergal Glynn
Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public...
Duty to Authenticate Identity: Online Banking Breach Lawsuits
April 26, 2012 Added by: David Navetta
The attenuated nature of online relationships creates an opportunity for criminals to steal or spoof online identities and use them for monetary gain. The ability of one party to authenticate the identity of the other party in an online transaction is of key importance...
ENISA: Guidelines for Monitoring Cloud Computing Contracts
April 05, 2012
Cloud computing services are increasingly important for governments and businesses, and information security is a key pain-point. To help solve this problem ENISA released a guide focusing on continuous security monitoring throughout the life-cycle of a cloud contract...
NIST: Technical Guidance for Evaluating Electronic Health Records
April 03, 2012 Added by: Infosec Island Admin
“This guidance can be a useful tool for EHR developers to demonstrate that their systems don’t lead to use errors... It will provide a way for developers and evaluators to objectively assess how easy their EHR systems are to learn and operate, while maximizing efficiency...”
NIST Guidance on Wireless Local Area Network Security
March 14, 2012
NIST has released a guide for enhanced security for wireless local area networks (WLAN) which provides recommendations on standardizing WLAN security configurations including configuration design, implementation, evaluation and maintenance and monitoring tools...
NIST Releases Framework for Smart Grid Standards
March 08, 2012
Cybersecurity is now expanded to address the following: combined power systems, information technology and communication systems in order to maintain the reliability, the physical security of all components, and the reduced impact of coordinated cyber-physical attacks...
NIST Draft Addresses Security Threats and Privacy Controls
March 07, 2012 Added by: David Navetta
NIST notes that many of the changes were driven by particular security issues and challenges requiring greater attention, including insider threats, mobile and cloud computing, application security, firmware integrity, supply chain risk, and advanced persistent threats...
NIST: Securing Wireless Local Area Networks
February 28, 2012
The purpose of this publication is to help organizations improve their WLAN security by providing recommendations for WLAN security configuration and monitoring. This publication supplements other NIST publications by consolidating their key recommendations...
Secure Now or Forever...
February 24, 2012 Added by: Pamela Gupta
Traditional access control is simple, but permission-based access has become challenging – applications that request the user’s permission to access sensitive data explicitly. We are expecting users to be system administrators without adequate training, which is not feasible...
NLRB Issued Second Report on Social Media Enforcement
February 17, 2012 Added by: David Navetta
As we have previously noted in prior posts about the NLRB’s social media enforcement actions, employers should carefully review and adjust their social media policies and practices in light of the NLRB’s guidance and enforcement...
NIST Finalized Guidelines for Security in the Cloud
February 12, 2012 Added by: David Navetta
According to NIST, SP 800-144 is geared for those involved in cloud computing initiatives; security personnel responsible for security and privacy measures for cloud computing; system and network administrators; and users of public cloud computing services...
NIST Computer Security Incident Handling Guide Draft
February 09, 2012
This publication provides guidelines for incident handling, particularly for analyzing data and determining the appropriate response. The guidelines can be followed independently of particular hardware platforms, operating systems, protocols, or applications...
NIST: Revised Technical Specifications for SCAP
February 01, 2012
In conducting business, organizations must manage many different and complex software components, including firmware, operating systems and applications. These components must be configured securely, patched when needed, and continuously monitored for security...
Metasploit: The Penetration Tester's Guide
January 30, 2012 Added by: Ben Rothke
The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing...
NIST Draft Guidance for Monitoring IT System Security
January 26, 2012 Added by: Headlines
Three new draft reports published by the NIST are designed to help both public and private organizations improve the security of their information management systems by developing capabilities for continuous monitoring of security...
NIST Cloud Computing Guidelines on Security and Privacy
January 25, 2012
"Cloud computing and the other deployment models are a viable choice for many applications and services. However, accountability for security and privacy in cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill..."




