Security Standards
Your source for the latest security standards news.
Detailing contingency planning
Nov. 09, 2009
Despite the inclusion of "for Federal Information Systems" in the title, SP 800-34 Rev 1 has a great deal of value for all information assurance and business continuity specialists.
NIST SP800-53 Rev. 3: Key to Unified Security Across Federal Government and Private Sectors ...
Oct. 26, 2009
Standards play a critical role in information assurance. Given the impossibility of defining a deterministic model that includes billions of users, millions of computers, and thousands of programs and protocols ...
SP 800-53 is essential for security in federal government IT systems
Nov. 04, 2009
SP 800-53 (Appendix H) provides two-way mappings between security controls defined in SP 800-53 and security controls defined in international security standard ISO/IEC 27001, Information Security Management Systems
Extensive Catalog Provides Security Controls for Contemporary Security Requirements - ...
Nov. 02, 2009
In the current Revision 3 update of SP 800-53 there are over 200 security controls for protecting information and information systems.
NIST SP800-53 Rev. 3: Risk Management Framework Underpins the Security Life Cycle - Network ...
Oct. 28, 2009
SP 800-39 also provides guidance for managing risk associated with the development, implementation, operation, and use of information systems.
New security standard MashSSL builds application trust
Mar. 30, 2009
Application mashups are gaining traction in the enterprise. There's no doubt that productivity can be enhanced when new functionality can be delivered quickly and conveniently by combining information from multiple ...
Credit-card security standards questioned, survey says
Sep. 23, 2009
Most IT security professionals who must comply with the industry standards to protect credit card data think those standards have no impact at all on actual security, according to a new study by Ponemon Institute.
PCI Security Standards Council: Tell us how we're doing
Jun. 24, 2009
The PCI Security Standards Council, which establishes technical standards for the payment-card industry, Tuesday invited broad feedback from both its membership and the public in order to understand the best course to ...
Companies get checklist for complying with PCI standard
Mar. 10, 2009
The organization responsible for administering the Payment Card Industry Data Security Standard is offering new guidance to companies on how to focus their PCI DSS compliance efforts so as to more quickly them in ...
Post-breach, Heartland plans aggressive encryption project
May. 06, 2009
Heartland Payment Systems intends to deploy end-to-end encryption with its merchants to protect its payment processing system from cybercriminals.
A6 promises a way to check up on public cloud security
Aug. 24, 2009
What cloud services users need is a way to verify that the security they expect is being delivered, and there is an effort underway for an interface that would do just that.
The Open Group enters cloud security debate
Aug. 17, 2009
The Open Group has formed a group to develop standards that make cloud computing effective and secure use of the technology and services.
Upgrade to Suite B security algorithms
May. 27, 2009
Most companies do not know what level of cryptography is required to properly protect their data lifeblood, nor do they have anyone tasked with assessing the coverage. As a result, most corporations today are not ...
Retail standards group to tackle virtualization security in '09
Dec. 18, 2008
In 2009, Payment Card Industry standards may establish technical guidelines for virtualization, end-to-end encryption and card storage.
A roundup of announcements
Aug. 07, 2009
Last week's newsletters looked at events surrounding the recent Catalyst Conference, and I want to get back to some of the conversations I had, and announcements that were made, at that event. But first there's a number ...
Opal promising interoperable disk-drive security
Jan. 23, 2009
The Opal security specification from the Trusted Computing Group promises interoperable encryption, authentication and management capabilities for disk-drive manufacturers and security software vendors.
Daily Mail picks fight with government for McKinnon
Jul. 06, 2009
The Daily Mail has stated its support for NASA hacker Gary McKinnon, vowing to fight his extradition.
Information security 'how not to's'
Jan. 20, 2009
It's not easy getting information security right. It is easy to get advice (often from vendors who want to sell you their semi-magic fix for all that ails you) on what you should be doing. But actually protecting your ...
PCI standards body moves ahead on payment-application cert
Apr. 16, 2008
PCI Security Standards Council releases list of certified payment applications under Payment Application Data Security Standard, while Council general manager Bob Russo describes upcoming standard efforts, and office- ...
Microsoft reveals some of its cloud security measures
Jun. 03, 2009
Microsoft has published security policies it applies to its cloud services, and sheds some light on what might ultimately develop as industry standards for securing these services.
U.S. needs transparent policies for carrying out cyberattacks
Apr. 30, 2009
The notion that the federal government needs to create an arsenal of cyberattack capabilities to help defend U.S. interests in cyberspace is gaining considerable support as concerns heighten about online security ...
A Lesson in Compliance from the Chemical Industry
Apr. 09, 2009
In many ways, the role of the CSO is directly tied to business profitability. By creating and enforcing policies that protect human, physical and intellectual assets, the CSO ensures the very integrity of the ...
Visa pilots new payment card security initiatives
Mar. 20, 2009
Acknowledging the need for controls that go beyond those offered by the Payment Card Industry (PCI) Data Security Standard, a senior Visa Inc. executive Thursday described two new initiatives to reduce payment card ...
PCI council ranks security risks, milestones
Feb. 25, 2009
Businesses shouldn't let financial pressures put PCI-security compliance on the back burner, and the PCI Security Standards Council has devised a 12-step program to help merchants get there.
Fed agencies push new security audits
Feb. 23, 2009
Several federal agencies today expressed backing for the "Consensus Audit Guidelines," a set of proposed 20 cybersecurity controls, that could end up as network and application security requirements for federal agencies ...