Items Tagged with "Guidelines"
May 01, 2012 Added by:Fergal Glynn
Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public...
April 26, 2012 Added by:David Navetta
The attenuated nature of online relationships creates an opportunity for criminals to steal or spoof online identities and use them for monetary gain. The ability of one party to authenticate the identity of the other party in an online transaction is of key importance...
April 05, 2012
Cloud computing services are increasingly important for governments and businesses, and information security is a key pain-point. To help solve this problem ENISA released a guide focusing on continuous security monitoring throughout the life-cycle of a cloud contract...
April 03, 2012 Added by:Infosec Island Admin
“This guidance can be a useful tool for EHR developers to demonstrate that their systems don’t lead to use errors... It will provide a way for developers and evaluators to objectively assess how easy their EHR systems are to learn and operate, while maximizing efficiency...”
March 14, 2012
NIST has released a guide for enhanced security for wireless local area networks (WLAN) which provides recommendations on standardizing WLAN security configurations including configuration design, implementation, evaluation and maintenance and monitoring tools...
March 08, 2012
Cybersecurity is now expanded to address the following: combined power systems, information technology and communication systems in order to maintain the reliability, the physical security of all components, and the reduced impact of coordinated cyber-physical attacks...
March 07, 2012 Added by:David Navetta
NIST notes that many of the changes were driven by particular security issues and challenges requiring greater attention including, insider threats, mobile and cloud computing, application security, firmware integrity, supply chain risk, and advanced persistent threats...
February 28, 2012
The purpose of this publication is to help organizations improve their WLAN security by providing recommendations for WLAN security configuration and monitoring. This publication supplements other NIST publications by consolidating their key recommendations...
February 24, 2012 Added by:Pamela Gupta
Traditional access control is simple, but permission-based access has become challenging – applications that request the user’s permission to access sensitive data explicitly. We are expecting users to be system administrators without adequate training, which is not feasible...
February 17, 2012 Added by:David Navetta
As we have previously noted in prior posts about the NLRB’s social media enforcement actions, employers should carefully review and adjust their social media policies and practices in light of the NLRB’s guidance and enforcement...
February 12, 2012 Added by:David Navetta
According to NIST, SP 800-144 is geared for those involved in cloud computing initiatives; security personnel responsible for security and privacy measures for cloud computing; system and network administrators; and users of public cloud computing services...
February 09, 2012
This publication provides guidelines for incident handling, particularly for analyzing data and determining the appropriate response. The guidelines can be followed independently of particular hardware platforms, operating systems, protocols, or applications...
February 01, 2012
In conducting business, organizations must manage many different and complex software components, including firmware, operating systems and applications. These components must be configured securely, patched when needed, and continuously monitored for security...
January 30, 2012 Added by:Ben Rothke
The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing...
January 26, 2012 Added by:Headlines
Three new draft reports published by the NIST are designed to help both public and private organizations improve the security of their information management systems by developing capabilities for continuous monitoring of security...
January 25, 2012
"Cloud computing and the other deployment models are a viable choice for many applications and services. However, accountability for security and privacy in cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill..."