Blog Posts Tagged with "Guidelines"

Red Hat 5 STIG: Kernel Modules

August 29, 2011 Added by: Jamie Adams

The new draft STIG requires entries in a configuration file to prevent the kernel from loading modules – even if the modules aren't installed on the system. Nonetheless, I have compiled a list of the required settings which must be set in your modprobe.conf configuration file...

Comments  (0)

Red Hat 5 STIG: Network Settings

August 23, 2011 Added by: Jamie Adams

I would caution administrators from rushing to add all because most are defaults. The settings must be implicitly set in the sysctl.conf config file. My recommendation is to review the entire STIG in order to define a complete sysctl.conf file, so that it can be deployed and tested all at once...

Comments  (0)

Facebook Releases User Security Guide

August 19, 2011 Added by: Headlines

The guide offers some fairly good advice and illustrative graphics on how to spot common scams and other mischief. It is written in simple enough terms that you, your kids, and your grandparents can all increase your Facebook security outlook a great deal in a matter of only a few minutes...

Comments  (0)

Five Security Considerations for a Mobile Phone

August 18, 2011 Added by: Robert Siciliano

Mobile users have recently captured the attention of cyber criminals. The Department of Homeland Security and the STOP. THINK. CONNECT. program recommend the following tips to help you protect yourself and to help keep the web a safer place for everyone...

Comments  (0)

Avoiding 7 Common Mistakes of IT Security Compliance

August 16, 2011 Added by: Sasha Nunke

Ambiguity abounds due to lack of a universal philosophy of compliance. A big challenge for security professionals is navigating this ambiguity, especially when financial auditing terms such as GRC are loosely applied to IT security solutions. Let the buyer beware...

Comments  (2)

Financial Industry Guidance on the Use of Social Media

August 14, 2011 Added by: David Navetta

Banks and other financial institutions face unique issues when it comes to the use of social media. Faced with conflicts between social media platform rules, customer expectations, self-regulatory standards, and the strict regulations that govern the industry, guidance has been issued by BITS...

Comments  (0)

The Benefits of Multifactor Authentication

August 02, 2011 Added by: Robert Siciliano

Specifically the FFIEC states: “Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security, as described herein...."

Comments  (0)

Privacy and Security Policies: A HIPAA-HITECH Checklist

July 24, 2011 Added by: Jack Anderson

"An important component of preparing for a potential HIPAA compliance audit is to complete a walk-through to make sure privacy and security policies and procedures are practical and effective..."

Comments  (0)

LulzSec Spree Sparks DHS Response

June 28, 2011 Added by: Ron Baklarz

In the wake of the recent LulzSec 50-day hacking spree that left many high-profile companies and organizations scrambling, DHS released "detailed guidance" on the top 25 vulnerabilities. The "Common Weakness Enumeration" list was developed in collaboration among DHS, Mitre, and SANS...

Comments  (1)

Where is the Focus on Randomness in Cryptography?

June 27, 2011 Added by: Emmett Jorgensen

The risk in using an RNG that is not truly random stems from the ability of an attacker analyzing the encrypted data and potentially discovering patterns to the encryption. This could allow some type of reverse engineering of the encrypted data or keys...

Comments  (2)

PCI SSC Releases Virtualization Guidelines

June 25, 2011 Added by: PCI Guru

If I had to take the PCI SSC to task, I would argue that cloud computing does not have anything to do with virtualization. Yes, a lot of cloud computing solution providers are using virtualized systems to provide their services, but not every cloud provider uses virtualization...

Comments  (0)

PCI DSS in the Cloud... From the PCI Council

June 23, 2011 Added by: Anton Chuvakin

The long-awaited PCI Council guidance on virtualization has been released. This guidance does not focus on cloud computing, but contains more than a few mentions, all of them pretty generic. Here are some of the highlights and my thoughts on them...

Comments  (1)

Twelve Tips for Combating Identity Theft

June 15, 2011 Added by: Headlines

The bad news is that the cost of remediating an identity theft event increased by sixty-three percent over the same time period, and the incidence of "friendly fraud" - identity theft by an acquaintance of the victim - rose seven percent...

Comments  (1)

Security - Stupid Is As Stupid Does

June 12, 2011 Added by: J. Oquendo

With so much being spent on security - Firewalls, Intrusion Detection Systems, Intrusion 'Prevention' Systems, Intrusion 'Tolerance' Systems, Data Loss Prevention, Certified Security Professionals, Standards, Guidelines, and the list goes on, why are these companies failing?

Comments  (18)

Compliance: Twenty Questions Directors Should Ask

June 01, 2011 Added by: Thomas Fox

The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary...

Comments  (0)

NIST Releases Draft of Cloud Computing Synopsis

May 17, 2011 Added by: Headlines

Organizations should be aware of the security issues that exist in cloud computing. As complex networked systems, clouds are affected by traditional computer and network security issues such as the needs to provide data confidentiality, data integrity, and system availability...

Comments  (0)
