Information Availability & Security Nuggets (2009/10 GUIDE)



From Information Security Magazine

searchsecurity.techtarget.com/magazineFeatures/0,296886,sid14_tax306400,00.html


From McAfee

Family Internet Safety – excellent resources on how you can protect your family online.

home.mcafee.com/AdviceCenter/Default.aspx?id=ad_fis


From CERT.org

CERT ® Resiliency Management Model

Carnegie Mellon’s Software Engineering Institute -- CERT has developed tools, techniques, and methodologies that allow organizations to move their security and business continuity activities to the next level by focusing on actively managing operational resiliency to achieve the organization’s mission. The cornerstone of their research is the development of the CERT ® Resiliency Management Model.

A partial, draft version of the model has been released and is available for download for reference purposes. Process areas of the CERT Resiliency Management Model are being published as they are completed and made available for download.
 
www.cert.org/resiliency/rmm.html


From CSO Online

Articles Worth Reviewing

www.csoonline.com/topic/41248/Business_Continuity

From US-CERT

The United States Computer Emergency Readiness Team is charged with providing response support and defense against cyber attacks for the Federal Civil Executive Branch (.gov) and information sharing and collaboration with state and local government, industry and international partners. Four products offer a variety of information for users with varied technical expertise.

  • Technical Cyber Security Alerts
    Provide timely information about current security issues, vulnerabilities, and exploits.
  • Cyber Security Bulletins
    Provide weekly summaries of new vulnerabilities. Patch information is provided when available.
  • Cyber Security Alerts
    Provide timely information about current security issues, vulnerabilities, and exploits. They outline the steps and actions that non-technical home and corporate computer users can take to protect themselves from attack.
  • Cyber Security Tips
    Provide advice about common security issues for the general public.
www.us-cert.gov/cas/alldocs.html
www.us-cert.gov/cas/signup.html

From CSO Online

Two Good Articles on Social Networking

Companies Seek Social Networking's promise, Find Peril Instead

Seventh Annual Global Information Security Survey: Social networking sites such as Twitter, Facebook and LinkedIn enhance collaboration but also make it easier than ever for your employees to share customer data and company secrets with outsiders (First of a four-part series).

www.csoonline.com/article/505863/Companies_Seek_Social_Networking_s_promise_Find_Peril_Instead

Slapped in the Facebook: Social Networking Dangers Exposed

Two security researchers demonstrate the many ways bad people can tamper with your Facebook account, MySpace page or LinkedIn profile

www.csoonline.com/article/479824/Slapped_in_the_Facebook_Social_Networking_Dangers_Exposed


From Contingency Planning & Management

Disaster Recovery Helps Ensure Business Resiliency While Cutting Operating Costs
Virtualization doesn’t stop with servers and storage devices—it’s a springboard for innovation


From the Disaster Recovery Journal

Application and Desktop Virtualization
There are many kinds of virtualization and all of them can be used to support your disaster recovery or business continuity plan. When you mention the word, most IT staff tend to think of server virtualization. However, application and desktop virtualization can also be of help in your BC planning process.

Why do we need to do a Business Impact Analysis? Is there an alternative?
Why do we need to do a business impact analysis or BIA? “Isn't there another way to identify the critical functions in our organization?”

Seven Reasons You Should Blueprint Your Organization’s Dependencies
When you imagine the organization you're working to protect, how do you see it in your mind's eye? How do you develop a sense for this complex set of buildings, people, computers, software, vendors and more? And once you see the big picture, how do you record it and share it with others to improve reliability and recoverability?

The Essential Components of Data Center Design
The modern data center spans the gamut from the tiny “cargo container” style to gigantic data center campuses that sprawl across hundreds of acres, and from energy gluttons to theorized electricity sippers. The best design is not only focused on energy efficiency but must consider flexibility to meet a constantly changing environment.


From PriceWaterhouseCoopers

10Minutes on Data & Identity Theft
The risk of data and identity theft is on the rise. 10Minutes on data and identity theft discusses key risk indicators of data and identity theft vulnerability and explains why having strong data safeguards in place can help secure a company's reputation, competitiveness, and financial well-being.

Global State of Information Security Survey
Protecting corporate information assets is critical—especially as mobile devices proliferate, open use of the Internet surges, new business models shake out, and strategic sourcing initiatives stretch "long reach" supply chains further and across more countries and companies than ever before. PWC asked more than 7,000 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security from 119 countries.

Data Loss Prevention
An increasing number of high-profile data security breaches have made headlines. These events can not only expose a business to costly and devastating legal ramifications, they can severely denigrate a brand—sometimes to the point of disrepair. Point solutions don't work. For data loss prevention (DLP) to be effective, companies must decide on the right strategy, engage the right people, target the right data, and employ the right technology.
 
www.pwc.com/us/en/issues/data-loss-prevention/publications/index.jhtml

The Privacy Paradox: The Challenges of Locking Down Data in an Open World
Connecting privacy, data protection, and information security requirements as part of a comprehensive, holistic privacy governance model is a first step toward responding to the regulatory challenges of today’s global marketplace. Importantly, those firms that embrace privacy and data protection as integral components of their risk management structure will be the ones positioned strategically to compete for and retain market share in the future.


From Gantthead

Resources on Cloud Computing and Virtualization
Many organizations are finding the flexibility and cost savings of cloud computing and virtualization to be beneficial to their bottom line. A login is required to read the full article.

Basics of Cloud Computing
Cloud Computing is the newest buzzword in the IT world, but is it really all that new? Here's a quick primer to take away any remaining mystery surrounding this latest technology and to help you decide if it's worth embracing.

Looking at IT Governance Through the Clouds
Cloud computing offers cost savings, flexibility and speed of deployment that can be very tempting to all kinds of IT organizations, but don't forget about the risks inherent in turning over control of your data in the age of IT Governance and SOX compliance.

Making a Good Case for Virtualization Technologies
Virtualization as a concept has been around since the 1960s. There are still kinks to iron out, but it has proven itself as a sustainable technology that only improves over time. Today, cost-constrained companies are making a good case for virtualization technologies.


From Deloitte

“Sixth Annual Global Security Survey: Protecting What Matters.”
 
60-page survey report


From DarkReading.com

A look at a few of the most popular stories ever posted on the pages of Dark Reading.


From SunGard Availability Services

Free Executive Book – Mastering Recovery
Do your employees and investors demand that your business be available 24/7—without interruption? Not all systems and applications are equally important—some are critical and some are less time sensitive. SunGard's experts have distilled three decades of experience into "Mastering Recovery," a free executive book that helps explain the options for getting your business back in business.

Some of the topics you will find in Mastering Recovery:

  • The Changing Face of Disaster
  • Assessing Where You Are -- And Where You Need to Be
  • Overcoming the Obstacles
  • Someone's Looking over Your Shoulder
  • Review Your Options: Tape-based Strategies
  • Review Your Options: Electronic Backup Strategies
  • Review Your Options: Advanced Recovery Strategies
  • You Can't Be Too Careful



From Enterprise Systems

Good Resources for Security & Storage

  • Q&A: Staying Ahead of Network Security Issues
  • Five Best Practices for Mitigating Insider Breaches
  • New Attacks Use Old Tricks
  • Data Protection Guidelines for the Obama Administration
  • Developer Access: The Threat Within
  • Business Executives Don't Tie Disaster Recovery Efforts to Business Success, Study Reveals
  • esj.com/articles/list/security.aspx
  • Three Hidden Costs of Backup
  • Getting It On Tape
  • esj.com/articles/list/storage.aspx


From SANS

SANS is a highly trusted source for information security training and certification. SANS develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. Many of the valuable SANS resources are free to all who ask.

SANS NewsBites
SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible. New issues are delivered free every Tuesday and Friday.

www.sans.org/newsletters/newsbites/

The Top Cyber Security Risks
Two risks dwarf all others, but organizations fail to mitigate them. This study features attack data protecting 6,000 organizations, vulnerability data from 9,000,000 systems, and additional analysis and tutorial by the Internet Storm Center and key SANS faculty members.

www.sans.org/top-cyber-security-risks

From ITSecurity.com

http://www.itsecurity.com/

From ISACA

ISACA got its start in 1967, when a small group of individuals with similar jobs—auditing controls in the computer systems that were becoming increasingly critical to the operations of their organizations—sat down to discuss the need for a centralized source of information and guidance in the field. ISACA has become a pace-setting global organization for information governance, control, security and audit professionals. Free downloads from ISACA include:

An Introduction to the Business Model for Information Security
This is the first document in a series planned around the Business Model for Information Security. Based on the white paper “Systemic Security Management,” developed by the USC Marshall School of Business Institute for Critical Information Infrastructure Protection, this guide provides a starting point for discussion and future development. It defines the core concepts that will evolve into practical aids information security and business unit managers can use to align security program activities with organizational goals and priorities, effectively manage risk, and increase the value of information security program activities to the enterprise.

Download Introduction (451K)
Download Brochure (125K)
 
Other good downloads include:
IT Governance Roundtable: Unlocking Value
Enterprise Risk: Identify, Govern and Manage Risk The Risk IT Framework
 
www.isaca.org/Template.cfm?Section=Downloads


From Storage Magazine

http://searchstorage.techtarget.com/magazineArchives/0,296887,sid5,00.html
