Blog Posts Tagged with "Guidelines"


Help Create an Easy to Use Open Source Risk Equation

October 09, 2012 Added by: Matt Neely

The information security industry has attempted to adapt existing Risk Management practices for the task of managing information security. Numerous frameworks have been devised over the years, including FAIR, OCTAVE, ISO 27001/27005 and NIST 800-53/NIST 800-39, just to name a few...



Federal CIO Council Releases BYOD Toolkit

September 19, 2012 Added by: David Navetta

The BYOD movement, barring a black swan event, is likely to continue to gather steam – though not without detractors. And as the Toolkit notes, BYOD remains a nascent movement with real concerns and numerous issues to be worked through, along with the establishment of new practices...



Tallinn Manual on International Law Applied to Cyber Warfare

September 06, 2012 Added by: Stefano Mele

The Tallinn Manual pays particular attention to international law governing the use of force as an instrument of national policy and laws regulating the conduct of armed conflict, also labeled the law of war, the law of armed conflict, or international humanitarian law...



NIST: Guide to Rating Software Vulnerabilities from Misuse

July 29, 2012 Added by: Headlines

A new guide from the National Institute of Standards and Technology (NIST) describes a "scoring system" that computer security managers can use to assess the severity of security risks arising from software features that are designed under an assumption that users are operating these features as intended...



ICS-CERT: Windows XP Support End of Life

July 18, 2012 Added by: Infosec Island Admin

ICS-CERT has identified three technology deployment areas to evaluate when considering the upcoming EOL of XP SP3 across ICS environments. Applications installed on Windows XP SP3 operating system builds on standard IT equipment, including engineering workstations, HMI servers, historian systems, etc...



A Step-by-Step Guide for Choosing the Best Scanner

July 16, 2012 Added by: Shay Chen

There hasn't been any independent methodology for evaluating web application vulnerability scanners in a while. The following is a comprehensive guide for choosing the best scanner based on conclusions from the 2012 benchmark study - a comparison of 10 crucial aspects of 60 web application vulnerability scanners...



NIST: Test Framework for Upgrading Smart Electrical Meters

July 13, 2012 Added by: Infosec Island Admin

"Companies will be able to tailor these generic test criteria to their own systems. To make it an effective framework, we made sure that it contains consistent, repeatable tests they can run, producing documentation that contains adequate, accurate information regardless of the individual system..."



Password Security: The Main Vein

July 02, 2012 Added by: Ahmed Saleh

Your passwords should be treated as "high sensitive information", and you are responsible for taking the appropriate steps to select and secure this information. Information system users should be aware of the characteristics of weak and strong passwords in order to ensure adequate protection of their information...



Center for Internet Security Unveils Trusted Purchasing Alliance

June 28, 2012 Added by: Headlines

“The mission of the Alliance is to maximize buying power to improve the cyber security posture of governments and not-for-profits... to help organizations in the public sector procure solutions to address cyber security... [a] trusted environment public sector organizations can turn to for expert guidance...”



NARUC: Cybersecurity Guidance for State Utility Regulators

June 20, 2012 Added by: Infosec Island Admin

“Understanding risk means understanding the relationship between vulnerability (such as a system with a known but unaddressed weakness), threat (such as a bad actor propagating viruses or worms) and consequence (such as physical damage and loss of public safety). Simply understanding risks is just the first step”...



ICS-CERT: Credential Management

June 13, 2012 Added by: Infosec Island Admin

Credential caching should be disabled on all machines. A common technique employed by attackers is referred to as “pass the hash.” The pass the hash technique uses cached password hashes extracted from a compromised machine to gain access to additional machines on the domain...



Nine Tips for Social Media Crisis Response

June 07, 2012 Added by: Neira Jones

Not impressed with LinkedIn's social media crisis response? Whilst the draft NIST report SP 800-61 gives really good guidelines on fully and effectively communicating important information to the public, there is some mileage to be had by exploring the use of social media when tackling incident response...



Securing the Virtual Environment: How to Defend Against Attack

June 06, 2012 Added by: Ben Rothke

One of the selling points around virtualization is its perceived added level of security. But virtualization, like any other piece of software, can be implemented incorrectly, and itself have flaws. To secure virtualization effectively, one needs to understand how adversaries will attack an environment...



ICS-CERT: Preserving Forensic Data

June 01, 2012 Added by: Infosec Island Admin

Preserving forensic data is an essential aspect of incident response. The data acquired during the process is critical to containing the intrusion and improving security to defend against the next attack. Network defenders should make note of the following recommendations for retention of essential forensic data...



FBI Guidance on Avoiding Internet-Based Fraud

May 21, 2012 Added by: Infosec Island Admin

Listed below are tips to protect your business, yourself and your family from various forms of Internet fraud. For information on the most common complaints and scams, see the annual reports of the Internet Crime Complaint Center, a partnership of the FBI and the NWCCC...



Spring Cleaning Your PC

May 18, 2012 Added by: Robert Siciliano

If your PC is bogged down with software and your desktop is jammed with icons and documents, then your PC is next to useless as a productivity tool. Even scarier is that you have lost track of your files and have sensitive information exposed. Follow these tips for a cleaner, faster machine...

