Posts Tagged ‘Risk’
National Institute of Standards and Technology (NIST) – Security and Privacy Controls for Federal Information Systems and Organizations
Latest Daft – Comments on SP 800-53, Revision 4 should be sent by March 1, 2013, to sec-cert@nist.gov.
NIST -Security and Privacy Controls for Federal Information Systems and Organizations
“…Through the process of risk management, leaders must consider risk to US interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations… “
“…For operational plans development, the combination of threats, vulnerabilities, and impacts must be evaluated in order to identify important trends and decide where effort should be applied to eliminate or reduce threat capabilities; eliminate or reduce vulnerabilities; and assess, coordinate, and deconflict all cyberspace operations…”
“…Leaders at all levels are accountable for ensuring readiness and security to the same degree as in any other domain…”
— THE NATIONAL STRATEGY FOR CYBERSPACE OPERATIONS OFFICE OF THE CHAIRMAN, JOINT CHIEFS OF STAFF, U.S. DEPARTMENT OF DEFENSE
From the Sun Tzu masterpiece “The Art of War“
It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.
Translation
- If you know others and know yourself, you will not be imperiled in a hundred battles; if you do not know others but know yourself, you win one and lose one; if you do not know others and do not know yourself, you will be imperiled in every single battle.
- Know your enemy and know yourself, find naught in fear for 100 battles. Know yourself but not your enemy, find level of loss and victory. Know thy enemy but not yourself, wallow in defeat every time.
.... IT administrators can now choose to allow, block or restrict access to applications by department, job function, time and day, as well as create usage reports.
Read the rest of this entry »
Tags: Cyber War, Human Element, Risk, Risk Management, Security, Social Media, SpearPhishing | 
Comments Closed
Adobe recommends users apply the updates for their product installations. Read the rest of this entry »
Tags: Cyber War, databreach, Epsilon, Human Element, IT Controls, Risk, SpearPhishing | Comments Closed
Newly Released – a customized version of the Symantec Internet Security Threat Report for 2010.
Symantec Logged 286 Million Threats In 2010… more than 40 percent more mobile vulnerabilities than a year ago.
Tags: Assets, Cyber War, databreach, IT Controls, Risk, SCADA, SQL Injection, Stuxnet, Symantec, XSS | Comments Closed
- Impact! Interior Design Solutions
- Symantec – Internet Security Threat Report 2013
- NIST – Managing Identity Requirements for Remote Users of Information Systems to Protect System Security and Information Privacy
- National Institute of Standards and Technology (NIST) – Security and Privacy Controls for Federal Information Systems and Organizations
- Know your Enemies – Know Yourself – Art of War
- Symantec: Annual Study: U.S. Cost of a Data Breach
- National Institute of Standards and Technology – Glossary of Key Information Security Terms
- Ponemon Institute – 2012 Cost of Cyber Crime Study
- Ponemon Institute – Third Annual Benchmark Study on Patient Privacy & Data Security
- Stuxnet-style SCADA attack kept quiet after US gov tests