Information Availability & Security Nuggets (2008/09 GUIDE)
Online
Center for Internet Security Free Benchmarks
The Center for Internet Security (CIS) is a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. The practical CIS Benchmarks support available high level standards that deal with the "Why, Who, When, and Where" aspects of IT security by detailing "How" to secure an ever widening array of workstations, servers, network devices, and software applications in terms of technology specific controls. CIS Scoring Tools analyze and report system compliance with the technical control settings in the Benchmarks. The CIS Benchmarks are available for download free of charge to the Internet community from this web site.
www.cisecurity.org/charter.html

Lots of Good Stuff from InfoSecurity Guru Kevin Beaver

Two Near-Disasters Highlight Backup/Recovery Deficiencies
Jon Toigo discusses a recent regional disaster in which a large company will quickly discover that the damage to small firms in the area can dramatically reduce its own recovery.
www.esj.com/storage/article.aspx?EditorialsID=3257

Fusion Risk Management White Paper
Fusion’s latest white paper, Achieving Risk Management Maturity, addresses the challenges that businesses face when managing business risk related to the use of Information Technology, as well as related to business operations. The current state of affairs related to risk management in American businesses both large and small will be explored. This paper then highlights the importance of risk management to the business in normal times, as well as in times of crisis. The shortcomings of traditional risk management techniques will also be explained, noting the high level trends that demand new approaches.
www.fusionriskmgmt.com/fusion_latest_thinking.html

From IT Security

Complying with Data-Privacy Laws
As companies and consumers become increasingly reliant on mobile technology, more laws are being enacted to ensure data security. Find out if your business is up to speed on the most recent regulations by reading this free white paper. With this guide, you'll understand the most important developments in data security, including:
Register now to download this free white paper and learn more.
www.itsecurity.com/whitepaper/complying-data-privacy-laws-nokia/

New Resources from SunGard

From CSO Online
Terrific Articles to Check out!
www.csoonline.com/topic/41248/Business_Continuity
How to Evaluate BC/DR Consultants
Iowa's Floods: Tragic Lesson in Business Continuity
5 Ways to Build a Business Case for Business Continuity
Five Steps to Evaluating Business Continuity Services
Five Ways to Turn Employees into Security Assets for Protecting Data
Monitoring the Enemy Within: Reflections on a New Internal Data Theft Study
New to Network Security? Incident Detection, Response, and Forensics: The Basics
Focus On The Human Factor, Security Panel Says

Whitepaper From ISSA
Biggest Information Security Mistakes that Organizations Make, and How to Avoid Making Them
www.issa.org/Resources/Whitepapers.html

New Resources from ISACA
Information assurance is the bedrock upon which enterprise decision-making is built. Without assurance, enterprises cannot feel certain that the information upon which they base their mission-critical decisions is reliable, confidential, secure and available when needed. ISACA has long served the information systems audit and assurance community, since its inception in 1969. Available for free download:
Complimentary Download (PDF, 650K)

Best Practices Guides from ISAlliance
These guides help to catalyze a risk-management based approach to ensuring the survivability and security of critical information assets. The best practices contained represent the 10 highest priority and most frequently recommended security practices as a place to start for today's operational systems. Three free downloads are available.
www.isalliance.org/index.php?option=com_performs&formid=3&Itemid=165

Liberty Alliance Releases Guidelines for Data Management
Businesses now have new guidelines for sharing and protecting sensitive data. The Liberty Alliance, a coalition of businesses and other organizations, has released new frameworks which can help create new efficiencies in data handling. Liberty Alliance, the global identity community working to build a more trustworthy internet for consumers, governments and businesses worldwide, has announced the first public release of the protocol independent Liberty Identity Assurance Framework (IAF). The IAF details four identity assurance levels to ease and speed the process of linking trusted identity-enabled enterprise, social networking and Web 2.0 applications together based on standardized business rules and security risks associated with each level of identity assurance. Liberty Alliance will launch an IAF identity assurance accreditation and certification program during 3Q 08. The first version of the Liberty Alliance Identity Assurance Framework released is available for download.

HumaniNet Provides Technology Assistance to Humanitarian Organizations
HumaniNet was founded in 2002 by a group of volunteers in the United States who recognized the acute need for technology assistance to humanitarian organizations. Since then, HumaniNet has grown to become a cooperative network of over 100 field organizations, several supporting technology businesses, and a group of expert volunteers who help with research and analysis, finding the best practices, and sharing field results in global information and communication technologies, or ICT. This informal alliance consists of several constituencies:
Field partners. A fast-growing, informal alliance of nonprofit humanitarian and mission organizations whom we assist and who share their observations and field results in global information and communication technologies, or ICT.
Technology partners. We have formed cooperative and productive relationships with experts in a variety of ICT areas and with companies and leaders who understand the needs and challenges facing the humanitarian community.
Funding partners. Our donors make it possible for us to deliver the information and assistance that humanitarian teams need. We acknowledge their contributions to HumaniNet and to the "people who help people."
HumaniNet Project Team. The HumaniNet Project Team is a growing group of experienced and committed volunteers who give of their time, talents, and resources to further the HumaniNet vision.
Leadership. Meet our executive director, board, and advisory council.

Business Continuity Research by IDG
IDG Research conducted a survey among senior IT leaders in March 2008 to learn about companies' overall business continuity preparedness, the impact of the current economy and the role of virtualization in business continuity/disaster recovery plans. Read this research report to see the results, explore what has changed from last year's research, and see what companies are planning next for their business continuity plans.
www.cio.com/white-paper/429514/Business_Continuity_Research

DHS Will Enhance Homeland Security Information Network (HSIN)
The U.S. Department of Homeland Security (DHS) announced today that it is taking steps to enhance its Homeland Security Information Network (HSIN). Known as HSIN Next Generation (NextGen), the enhancement will provide a secure and trusted national platform for Sensitive But Unclassified (SBU) information sharing and collaboration between federal, state, local, tribal, territorial, private sector, and international partners. HSIN Next Generation will update the current HSIN technology to better enable Homeland Security to meet the requirements of a trusted and secure environment, combined with enhanced capabilities in many areas. HSIN NextGen will provide DHS, DHS partners, and stakeholders information management capabilities and services including a portal, search, collaboration, enterprise content management, and Service Oriented Architecture-based information integration and analysis functions to facilitate their collaboration and information sharing needs for SBU data.
www.dhs.gov/xnews/releases/pr_1212787226112.shtm

Cyber Security Guide for Small Business
The U.S. Chamber of Commerce and the Internet Security Alliance have published a guide to help small businesses. The publication, Commonsense Guide to Cyber Security for Small Businesses, is available to download.
www.ready.gov/business/protect/cybersecurity.html

From CIO.com
Consolidated Disaster Recovery Using Virtualization A Practical Roadmap for Comprehensive Data Protection
Reduce the Risk of Costly Data Breaches: Three Pillars of Data Protection
Eight Quick Ways to Get Your Site Blacklisted
How to Prevent a Data Disaster

CSI Computer Crime and Security Survey Shows Average Cyber-Losses Jumping After Five-Year Decline
The Computer Security Institute (CSI) released its 2007 report with news that the average annual loss reported by U.S. companies in the 2007 CSI Computer Crime and Security Survey more than doubled, from $168,000 in last year's report to $350,424 in this year's survey. This ends a five-year run of lower reported losses. Financial fraud overtook virus attacks as the source of the greatest financial loss. Virus losses, which had been the leading cause of loss for seven straight years, fell to second place. Another significant cause of loss was system penetration by outsiders. Additional key findings include:
"At a period when experts throughout the industry have been discussing with concern the growing sophistication and stealth of cyber attacks, here we have a couple hundred respondents saying they lost significantly more money last year," states Robert Richardson, CSI director and author of the survey. "There's a strong suggestion in this year's results that mounting threats are beginning to materialize as mounting losses."
The complete CSI/FBI Computer Crime and Security Survey is available for free download on the CSI Web site.
www.gocsi.com/forms/csi_survey.jhtml

From SearchSecurity
Data Lifecycle Security Essentials
Information Security and Business Integration
http://searchsecurity.techtarget.com/magazineCurrent/0,296884,sid14,00.html