Blog Posts Tagged with "Guidelines"


Red Hat 5 STIG: Kernel Modules

August 29, 2011 Added by:Jamie Adams

The new draft STIG requires entries in a configuration file to prevent the kernel from loading modules – even if the modules aren't installed on the system. Nonetheless, I have compiled a list of the required settings which must be set in your modprobe.conf configuration file...

Comments  (0)
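The modprobe.conf idiom the STIG relies on, as an added example that is not part of the original post or of the STIG text: a POSIX sh fragment that emits `install <module> /bin/true` lines and audits an existing configuration file for them. The module names used (bluetooth, usb-storage, cramfs) are assumed for illustration and are not a transcription of the STIG's required list; the sample config is constructed inline.

```shell
#!/bin/sh
# Added example, not from the STIG or the original post. Module names are
# ASSUMED for illustration only; consult the STIG for the real list.

# Emit a modprobe.conf fragment disabling each module named in "$@".
# "install <mod> /bin/true" makes modprobe run /bin/true instead of loading
# the module, so the entry is effective even when no such .ko is installed.
emit_disable_lines() {
    for m in "$@"; do
        printf 'install %s /bin/true\n' "$m"
    done
}

# Return 0 if module $2 is disabled in config file $1 (comment lines are
# ignored, extra whitespace is tolerated), 1 otherwise.
module_disabled() {
    awk -v mod="$2" '
        /^[[:space:]]*#/ { next }
        $1 == "install" && $2 == mod && $3 == "/bin/true" { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Print every module from the list that is NOT disabled in config file $1.
# Return 0 only when all of them are.
audit_modules() {
    cfg=$1; shift
    missing=0
    for m in "$@"; do
        if ! module_disabled "$cfg" "$m"; then
            echo "MISSING: $m"
            missing=1
        fi
    done
    return $missing
}

# --- constructed demo: a config covering two of the three wanted modules ---
demo_cfg=$(mktemp)
{
    echo '# constructed sample modprobe.conf'
    emit_disable_lines bluetooth usb-storage
    echo 'alias eth0 e1000'
} > "$demo_cfg"

if audit_modules "$demo_cfg" bluetooth usb-storage cramfs; then
    echo "all required modules disabled"
else
    echo "config incomplete"          # prints MISSING: cramfs, then this
fi
rm -f "$demo_cfg"
```

The `install <mod> /bin/true` form is the one that matters here: a bare `blacklist` line only suppresses alias-based autoloading and does not stop an explicit `modprobe`. On a live system, `modprobe -n -v <module>` (dry run) shows whether the install override is what would actually execute.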


Red Hat 5 STIG: Network Settings

August 23, 2011 Added by:Jamie Adams

I would caution administrators against rushing to add them all, because most are defaults. The settings must be explicitly set in the sysctl.conf config file. My recommendation is to review the entire STIG in order to define a complete sysctl.conf file, so that it can be deployed and tested all at once...

Comments  (0)
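One way to do the "define once, test all at once" review the post recommends, as an added example that is neither the post's nor the STIG's own code: a POSIX sh audit that checks a sysctl.conf-style file for a required set of keys and values, reading the file rather than the running kernel because that is what the STIG checks. The WANTED list is a handful of common network-hardening settings chosen for illustration, not the STIG's actual list; the sample config is constructed inline.

```shell
#!/bin/sh
# Added example, not from the STIG or the original post. The WANTED pairs
# are ASSUMED common hardening settings, not a transcription of the STIG.

WANTED='
net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.tcp_syncookies=1
'

# Print the value assigned to key $2 in sysctl.conf-style file $1.
# Comment lines (# or ;) and blank lines are ignored, whitespace around "="
# is tolerated, and the last assignment wins, as with sysctl -p.
# Prints nothing if the key is absent.
sysctl_file_value() {
    awk -F= -v key="$2" '
        /^[[:space:]]*[#;]/ || /^[[:space:]]*$/ { next }
        {
            k = $1; v = $2
            gsub(/[[:space:]]/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }
    ' "$1"
}

# Compare file $1 against WANTED. Prints one line per key that is missing
# or has the wrong value; returns 0 only when every key is explicitly set
# to the wanted value (matching the kernel default is not enough).
audit_sysctl_file() {
    rc=0
    for pair in $WANTED; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(sysctl_file_value "$1" "$key")
        if [ -z "$have" ]; then
            echo "MISSING  $key (want $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "WRONG    $key=$have (want $want)"; rc=1
        fi
    done
    return $rc
}

# --- constructed demo: a partial sysctl.conf with one commented-out key ---
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_syncookies = 1
; net.ipv4.icmp_echo_ignore_broadcasts = 1
EOF
if audit_sysctl_file "$demo"; then
    echo "sysctl.conf complete"
else
    echo "sysctl.conf incomplete"   # accept_redirects and the ';' key show as MISSING
fi
rm -f "$demo"
```

Run it against /etc/sysctl.conf before `sysctl -p`. A key that happens to match the kernel default still reports as MISSING, which is the point of the post: the file itself must carry the setting. To compare the file against the live kernel afterwards, `sysctl -n <key>` returns the current value for each key.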


Facebook Releases User Security Guide

August 19, 2011 Added by:Headlines

The guide offers some fairly good advice and illustrative graphics on how to spot common scams and other mischief. It is written in simple enough terms that you, your kids, and your grandparents can all increase your Facebook security outlook a great deal in a matter of only a few minutes...

Comments  (0)


Five Security Considerations for a Mobile Phone

August 18, 2011 Added by:Robert Siciliano

Mobile users have recently captured the attention of cyber criminals. The Department of Homeland Security and the STOP. THINK. CONNECT. program recommend the following tips to help you protect yourself and to help keep the web a safer place for everyone...

Comments  (0)


Avoiding 7 Common Mistakes of IT Security Compliance

August 16, 2011 Added by:Sasha Nunke

Ambiguity abounds due to lack of a universal philosophy of compliance. A big challenge for security professionals is navigating this ambiguity, especially when financial auditing terms such as GRC are loosely applied to IT security solutions. Let the buyer beware...

Comments  (2)


Financial Industry Guidance on the Use of Social Media

August 14, 2011 Added by:David Navetta

Banks and other financial institutions face unique issues when it comes to the use of social media. Faced with conflicts between social media platform rules, customer expectations, self-regulatory standards, and the strict regulations that govern the industry, guidance has been issued by BITS...

Comments  (0)


The Benefits of Multifactor Authentication

August 02, 2011 Added by:Robert Siciliano

Specifically the FFIEC states: “Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security, as described herein...."

Comments  (0)


Privacy and Security Policies: A HIPAA-HITECH Checklist

July 24, 2011 Added by:Jack Anderson

"An important component of preparing for a potential HIPAA compliance audit is to complete a walk-through to make sure privacy and security policies and procedures are practical and effective..."

Comments  (0)


LulzSec Spree Sparks DHS Response

June 28, 2011 Added by:Ron Baklarz

In the wake of the recent LulzSec 50 day hacking spree that left many high profile companies and organizations scrambling, DHS released "detailed guidance" on the top 25 vulnerabilities. The "Common Weakness Enumeration" list was developed in collaboration among DHS, Mitre, and SANS...

Comments  (1)


Where is the Focus on Randomness in Cryptography?

June 27, 2011 Added by:Emmett Jorgensen

The risk in using an RNG that is not truly random stems from an attacker's ability to analyze the encrypted data and potentially discover patterns in the encryption. This could allow some type of reverse engineering of the encrypted data or keys...

Comments  (2)


PCI SSC Releases Virtualization Guidelines

June 25, 2011 Added by:PCI Guru

If I had to take the PCI SSC to task, I would argue that cloud computing does not have anything to do with virtualization. Yes, a lot of cloud computing solution providers are using virtualized systems to provide their services, but not every cloud provider uses virtualization...

Comments  (0)


PCI DSS in the Cloud... From the PCI Council

June 23, 2011 Added by:Anton Chuvakin

The long-awaited PCI Council guidance on virtualization has been released. This guidance does not focus on cloud computing, but contains more than a few mentions, all of them pretty generic. Here are some of the highlights and my thoughts on them...

Comments  (1)


Twelve Tips for Combating Identity Theft

June 15, 2011 Added by:Headlines

The bad news is that the cost of remediating an identity theft event increased by sixty-three percent over the same time period, and the incidence of "friendly fraud" - identity theft by an acquaintance of the victim - rose seven percent...

Comments  (1)


Security - Stupid Is As Stupid Does

June 12, 2011 Added by:J. Oquendo

With so much being spent on security - Firewalls, Intrusion Detection Systems, Intrusion 'Prevention' Systems, Intrusion 'Tolerance' Systems, Data Loss Prevention, Certified Security Professionals, Standards, Guidelines, and the list goes on, why are these companies failing?

Comments  (18)


Compliance: Twenty Questions Directors Should Ask

June 01, 2011 Added by:Thomas Fox

The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary...

Comments  (0)


NIST Releases Draft of Cloud Computing Synopsis

May 17, 2011 Added by:Headlines

Organizations should be aware of the security issues that exist in cloud computing. As complex networked systems, clouds are affected by traditional computer and network security issues such as the needs to provide data confidentiality, data integrity, and system availability...

Comments  (0)
