Information assurance

NIST Releases New Federal Cloud Standards - Cloud Computing
The National Institute of Standards and Technology (NIST) has released two new cloud-related publications, a roadmap and a reference document about cloud architecture. The documents point to an increase in cloud adoption, both in government and private sectors, and provide updated usage and security information. To create the publications, NIST formed a working group of participants from industry, government, and academia. The researchers applied past standards used for pre-cloud technologies, like web services and the Internet. They also created new standards specifically for federal cloud architectures. The team focused on categories of concern including security, portability, and interoperability.
Patriot Day: 10 years later - Assurance in the Aether
Two New Publications Provide a Cloud Computing Standards Roadmap and Reference Architecture
The National Institute of Standards and Technology (NIST) has published two new documents on cloud computing: the first edition of a cloud computing standards roadmap and a cloud computing reference architecture and taxonomy. Together, the documents provide guidance to help understand cloud computing standards and categories of cloud services that can be used government-wide. These documents, along with others from NIST and NIST working groups, will be incorporated into the NIST U.S. Government Cloud Computing Technology Roadmap, expected to be published in November, 2011. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of computing resources, including servers, data storage and applications and services.
passwords

web security

Plenty to Hide
June 7, 2012 By Jay Stanley, Senior Policy Analyst, ACLU Speech, Privacy and Technology Project at 1:57pm
A commentator on my recent post about the DEA installing license plate scanners on the nation’s interstate highways asks, “If you aren't doing anything illegal why would you care if someone captures your license plate number?”
Insider Threats

Nessus FAQ
If your whole life is in your phone, you'd better not lose it
"Trust in Allah, but tie up your camel," says an Arabic proverb. And that is exactly what I have started doing, hitching my smart phone - which has become as valuable as a camel in our modern days - to a clip I set up in each of my bags, to prevent it from getting lost again. Once was more than enough to push me into a different routine. Imagine this - and it could happen to anyone at any time: I was sitting at a very important meeting and when I saw the others there pull out their smart phones and place them on the table before our discussion started, I searched in my bag to do the same - and couldn't find my phone.
cryptography

Building For A Secure Future: Risk Assessment
Before a designer can recommend security measures for a facility, he or she must understand what people and property–the "assets" in security parlance–need to be protected. Usually this assessment is quite straightforward, but the task gets complicated when trying to predict where threats may come. This knowledge has a direct bearing on what kinds of damage the designer must attempt to mitigate. "You can't even do the simplest facility assessment until you know what the threats are.
What is the best starting point to embrace risk management? « InfoSecAlways.com
This is a topic that has generated a great deal of traffic on the LinkedIn “Governance, Risk and Compliance Management (GRC)” site. If you are a member I recommend you read through the comments; if not, you should consider joining. This is a cross post, slightly modified, of my answer to this question, so forgive the double traffic if you are a member. I was shocked that no one had mentioned the size and financial ability of the company. So this addresses both small and large corporations with and without financial money allocated to security.
Sarbanes–Oxley Act of 2002
The bill was enacted as a reaction to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals cost investors billions of dollars when the share prices of affected companies collapsed, and shook public confidence in the US securities markets. The act was approved by the House by a vote of 423 in favor, 3 opposed, and 8 abstaining and by the Senate with a vote of 99 in favor, 1 abstaining. President George W. Bush signed it into law, stating it included "the most far-reaching reforms of American business practices since the time of Franklin D.
Risk Assessment: A Starting Point
Recently I was asked if I could provide a few pointers to help in developing a risk assessment process for an organization. I thought I would share my response. First, I would like to draw your attention to the mind map image over to the left of this text. The mind map represents a basic risk management methodology and is provided by Wikiversity. If you are unfamiliar with Wikiversity, it is an interesting project which is “devoted to learning resources and learning projects for all levels, types, and styles of education from pre-school to university, including professional training and informal learning.” It is a very interesting project and I applaud their efforts.