Information assurance

Facebook Twitter

NIST Releases New Federal Cloud Standards - Cloud Computing. The National Institute of Standards and Technology (NIST) has released two new cloud-related publications , a roadmap and a reference document about cloud architecture.

NIST Releases New Federal Cloud Standards - Cloud Computing

The documents point to an increase in cloud adoption, both in government and private sectors, and provide updated usage and security information. To create the publications, NIST formed a working group of participants from industry, government, and academia. The researchers applied past standards used for pre-cloud technologies, like web services and the Internet. They also created new standards specifically for federal cloud architectures. The team focused on categories of concern including security, portability, and interoperability. Patriot Day: 10 years later - Assurance in the Aether. Two New Publications Provide a Cloud Computing Standards Roadmap and Reference Architecture. The National Institute of Standards and Technology (NIST) has published two new documents on cloud computing: the first edition of a cloud computing standards roadmap and a cloud computing reference architecture and taxonomy.

Two New Publications Provide a Cloud Computing Standards Roadmap and Reference Architecture

Together, the documents provide guidance to help understand cloud computing standards and categories of cloud services that can be used government-wide. These documents, along with others from NIST and NIST working groups, will be incorporated into the NIST U.S. Government Cloud Computing Technology Roadmap, expected to be published in November, 2011. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of computing resources, including servers, data storage and applications and services.

Passwords

Web security. Plenty to Hide. June 7, 2012 By Jay Stanley , Senior Policy Analyst, ACLU Speech, Privacy and Technology Project at 1:57pm A commentator on my recent post about the DEA installing license plate scanners on the nation’s interstate highways asks, “If you aren't doing anything illegal why would you care if someone captures your license plate number?”

Plenty to Hide

Insider Threats. Nessus FAQ. If your whole life is in your phone, you'd better not lose it. 'Trust in Allah, but tie up your camel," says an Arabic proverb.

If your whole life is in your phone, you'd better not lose it

And that is exactly what I have started doing, hitching my smart phone - which has become as valuable as a camel in our modern days - to a clip I set up in each of my bags, to prevent it from getting lost again. Once was more than enough to push me into a different routine. Imagine this - and it could happen to anyone at any time: I was sitting at a very important meeting and when I saw the others there pull out their smart phones and place them on the table before our discussion started, I searched in my bag to do the same - and couldn't find my phone.

Cryptography

Building For A Secure Future: Risk Assessment. Before a designer can recommend security measures for a facility, he or she must understand what people and property–the "assets" in security parlance–need to be protected.

Building For A Secure Future: Risk Assessment

Usually this assessment is quite straightforward, but the task gets complicated when trying to predict where threats may come. This knowledge has a direct bearing on what kinds of damage the designer must attempt to mitigate. "You can't even do the simplest facility assessment until you know what the threats are. What is the best starting point to embrace risk management? « InfoSecAlways.com. This is a topic that has generated a great deal of traffic on the Linkedin “Governance, Risk and Compliance Management (GRC) site.

What is the best starting point to embrace risk management? « InfoSecAlways.com

If you are a member I recommend you read through the comments, if not you should consider joining. This is a cross post, slightly modified, of my answer to this question, so forgive the double traffic if you are a member. I was shocked that no one had mentioned the size and financial ability of the company. So this addresses both small and large corporations with and without financial money allocated to security.

Sarbanes–Oxley Act of 2002. The bill was enacted as a reaction to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom.

Sarbanes–Oxley Act of 2002

These scandals cost investors billions of dollars when the share prices of affected companies collapsed, and shook public confidence in the US securities markets. The act was approved by the House by a vote of 423 in favor, 3 opposed, and 8 abstaining and by the Senate with a vote of 99 in favor, 1 abstaining. President George W. Bush signed it into law, stating it included "the most far-reaching reforms of American business practices since the time of Franklin D. Risk Assessment: A Starting Point. Recently I was asked if I could provide a few pointers to help in developing a risk assessment process for an organization.

Risk Assessment: A Starting Point

I thought I would share my response. First, I would like to draw your attention to the mind map image over to the left of this text. The mind map represents a basic risk management methodology and is provided by Wikiversity. If you are unfamiliar with Wikiversity, it is an interesting project which is “devoted to learning resources and learning projects for all levels, types, and styles of education from pre-school to university, including professional training and informal learning.”

It is a very interesting project and I applaud their efforts.