Archive for the 'Guidelines' Category

NIST Draft Special Publication 800-113 - Guide to SSL VPNs

Tuesday, August 14th, 2007

This publication discusses the fundamental technologies and features of SSL VPNs.
It describes SSL and how it fits within the context of layered network security.
It presents a phased approach to SSL VPN planning and implementation that can help in achieving successful SSL VPN deployments.
It also compares the SSL VPN technology with IPsec VPNs and other VPN solutions.
This information is particularly valuable for helping organizations to determine how best to deploy SSL VPNs within their specific network environments.

Posted in Web Applications, Guidelines | No Comments »

The Standard of Good Practice for Information Security

Wednesday, August 8th, 2007

Today I came across The Standard of Good Practice for Information Security, which has been produced by the Information Security Forum (ISF), an international association of over 260 leading organisations which fund and co-operate in the development of a practical research programme in information security.
The ISF’s work probably represents the most comprehensive and […]

Posted in Framework, Guidelines | No Comments »

New European ICT Security Standards Roadmap

Friday, June 8th, 2007

One of the objectives of this security standards portal named “ICT Security Standards Roadmap” is to provide a central tracking facility for NIS standards. It facilitates identification of standards and standardization activities, as well as coordination among standardization bodies, reduction of duplicate work and easier identification of existing gaps.

Posted in Framework, Guidelines | No Comments »

NIST CSRC Special Publications June Update

Tuesday, June 5th, 2007

NIST publications: Guidelines on Cell Phone Forensics, Guide for Assessing the Security Controls in Federal Information Systems, Guidelines on Securing Public Web Servers, User’s Guide to Securing External Devices for Telework and Remote Access, Specification for the Extensible Configuration Checklist Description Format (XCCDF).

Posted in Framework, Guidelines, Articles | 1 Comment »

Why internal threats and vulnerabilities became hot issues.

Thursday, April 19th, 2007

Internal threats and vulnerabilities have become a burning issue, and this article discusses the need to increase the security controls and countermeasures against these threats.

Posted in internal threats, Guidelines | 1 Comment »

How To perform a Social Engineering Attack

Thursday, February 1st, 2007

OSSTMM guru Pete Herzog released today an interesting guide on social engineering assessments.

Posted in Social Engineering, Penetration Testing, Guidelines | No Comments »

Guidelines on Cell Phone Forensics

Monday, January 8th, 2007

The draft NIST Special Publication 800-101, Guidelines on Cell Phone Forensics, is available for public comment. The guide outlines general principles and provides technical information intended to help organizations evolve appropriate policies and procedures for preserving, acquiring, and examining digital evidence found on cell phones.

Posted in Guidelines | No Comments »