As a follow-on to a previous posting titled "Federal Agencies Lack Proper Security-Related Risk Management Practices" (http://blog.isc2.org/isc2_blog/2010/02/federal-agencies-lack-proper-securityrelated-risk-management-practices.html), I am dedicating the next few posting referred to as "Demystify the Risk Management Framework" to clarify the RMF and the role Risk Management plays within the System Development Lifecycle (SDLC). In parallel, I have organized a series of presentations that will provide a more detailed examination of the Risk Management Framework (RMF) collectively drawn from multiple NIST publications with the intent of providing an end-to-end discussion of the RMF and how it can be used to manage organizational risk. Several publications are... Read more →
« February 2010 | Main | April 2010 »
Posts from March 2010
30 March 2010
Demystifying the Risk Management Framework
Posted by Matthew Metheny on 30 March 2010 at 02:45 PM in IT Security | Permalink
|
Comments (0)
|
TrackBack (0)
29 March 2010
Why people are not concerned about security on Internet Social tools?
I'm scared!!! With one subject! Why people are not concerned about exposing their lives on the Internet? On a way that can put in danger not only themselves but their family and friends. I'm writing below some info I collected just looking ramdomly for profiles on some social network websites. Phones, credit card numbers, full address, if they have children, how many are they and their names, where they study, where they work, etc. You can just find everything about everyone. They're really not concerned with someone they don't know looking their profile searching for something (possible with bad intentions).... Read more →
Posted by Alexandre Cezar on 29 March 2010 at 04:07 PM in Privacy | Permalink
|
Comments (4)
|
TrackBack (0)
21 March 2010
The Anti-Phishing Working Group: Counter eCrime Operations Summit
The Anti-Phishing Working Group has asked its members to publicize the forthcoming Counter eCrime Operations Summit (CeCOS) in Brazil. I've already blogged this in quite a few other places, but given the impact of phishing and identity theft on the online community, it seems reasonable to assume that the Summit will be of interest to (ISC)2 members and readers of this blog, so I'm addressing it again here. Apologies to those who will have come across it elsewhere. This year the APWG is hosting it's fourth annual Counter eCrime Operations Summit (CeCOS IV) on May 11, 12 & 13 in... Read more →
Posted by David Harley on 21 March 2010 at 08:06 AM | Permalink
|
Comments (0)
|
TrackBack (0)
17 March 2010
Introduction to a PCI onsite assessment - Part One
Part One - Introduction to a PCI onsite assessment This is the first chapter in a series about preparing for and going through a PCI assessment;… 1. Part One - Introduction to PCI onsite assessment & QSA selection process 2. Part Two - Preparation for an onsite assessment and what to do first! 3. Part Three - Defining your scope so you know what you’re assessing 4. Part Four - Authoring a PCI Onsite Assessment RFP 5. Part Five – Selecting a QSA to conduct an onsite PCI assessment 6. Part Six – Preparing your Company and I.T. department for... Read more →
Posted by Jason Rusch, on 17 March 2010 at 08:25 AM | Permalink
|
Comments (0)
12 March 2010
Intro to infosec
A Masters level course from the UK OpenLearning/LearningSpace centre, introducing the concepts of information security management. Little or no technical content. Parts appear based on BS 7799-2/ISO 27001. Read more →
Posted by Rob Slade on 12 March 2010 at 04:06 AM in Cybersecurity Training, IT Security, Risk | Permalink
|
Comments (3)
11 March 2010
Keeping net safe
This module from the UK's OpenLearning/LearningSpace centre is a fairly basic online safety piece. It concentrates on malware, and has numerous minor errors in terminology and definitions, but is reasonable for the general public. Read more →
Posted by Rob Slade on 11 March 2010 at 03:37 PM in Cybersecurity Training, Malware, Network Security, Operations Security, Privacy | Permalink
|
Comments (0)
09 March 2010
Hitler cloud sec
You may or may not be aware of the mass of "Hitler rant" videos on YouTube. These take a clip (from the movie "Downfall") and subtitle it with a rant from Hitler about everything from college football to the iPhone to Facebook accounts to ... well, anything at all. This one is about cloud computing and security, and makes a few cute points about security in general. Read more →
Posted by Rob Slade on 09 March 2010 at 11:42 PM in Cybersecurity Training, IT Security, Network Security, Operations Security, Risk | Permalink
|
Comments (0)
Search
Categories
- (ISC)² Chapters (22)
- (ISC)² Events (159)
- Center for Cyber Safety and Education (52)
- Cloud Security (132)
- Cybersecurity Certifications (376)
- Cybersecurity Training (310)
- Cybersecurity Workforce (243)
- Digital Forensics (29)
- Ethics (52)
- Government (124)
- Insider Risk (56)
- IT Security (373)
- Legal (45)
- Malware (112)
- Network Security (176)
- Operations Security (141)
- Privacy (116)
- Ransomware (84)
- Risk (196)
- Software Development (44)
- Spotlight (71)