In a packed auditorium in 2006, I recall sitting in the “Red Auditorium” at NIST to participate in a workshop hosted by the Computer Security Division. The goal of the workshop was to discuss the implementation of Phase II of the FISMA Implementation Project. At the time, the Phase read like this: “The second phase of the FISMA Implementation Project focuses on the development of a program for credentialing public and private sector organizations to provide security assessment services. Security assessment services involve the comprehensive assessment of the management, operational, and technical security controls in federal information systems to determine... Read more →
« March 2012 | Main | May 2012 »
Posts from April 2012
21 April 2012
FedRAMP 3PAO Program – Have we Heard of this Idea Before?
Posted by Matthew Metheny on 21 April 2012 at 06:47 PM in Cybersecurity Certifications, Cybersecurity Training | Permalink
|
Comments (1)
04 April 2012
Security Breach in CA Networks -Comodo, DigiNotar, GlobalSign
by Ravi Mandalia Executive Summary Since March, 2011 more and more Cyber attacks are surfacing across the globe with damaging consequences both for the companies that faced the attacks and for the customers whose details were stolen. One such attack was on Sony’s PlayStation Network that resulted into breach of personal details of nearly 70 Million customers. Some of the other cyber attacks of 2011 are RSA, Lockheed Martin, Gmail accounts of U.S. politicians, CitiGroup, IMF, etc. Considering that the above attacks are particularly high profile and are more or less detached from our day to day activities, finally joining... Read more →
Posted by Ravi Mandalia on 04 April 2012 at 10:58 AM in Network Security | Permalink
|
Comments (0)
02 April 2012
EU organizations below par on infosec
A study into the information security practices of 600 mid-sized European businesses by PwC and Iron Mountain paints a disappointing picture of their state of maturity. Their overall score comes out at 40.6 on a scale ranging from 0 (dreadful) to 100 (excellent). 40.6 is somewhat below the pass-mark of 50. In my experience performing IT audits against ISO/IEC 27002, average scores have been up around 60 to 70%, although these are for large organizations in industries that take information security seriously (financial services, defence, aerospace, pharmaceuticals and hi tech/engineering). For starters, they employed me to do their IT audits!... Read more →
Posted by Gary Hinson on 02 April 2012 at 09:29 PM in Cybersecurity Training, Risk | Permalink
|
Comments (0)
Practice Safe Computing
by F. Gary Alu What is the first thing we should check when we turn on our computer? That’s a question I always pose to the kids when I present the (ISC)2 Safe and Secure Online Program. If your answer is Facebook or Email, you have a problem. Of course having a look at your anti-virus application is the place to start. Is it running? Are the databases current? (by current I mean no older than 24 hours). Even the best anti-virus (AV) solution will do one little good if it is not running because the subscription has expired or... Read more →
Posted by Gary Alu on 02 April 2012 at 03:42 PM in Malware | Permalink
|
Comments (0)
01 April 2012
Selecting a 3PAO with assessors that have the Certificate of Cloud Security Knowledge (CCSK)
The CCSK is NOT meant to be a substitute for other certifications in information security, audit and governance. The CCSK augments other credentialing programs like the CISSP, CAP, CSSLP, etc. However, the CCSK does provide a valuable selector for organizations such as federal agencies, cloud service providers (CSPs), and even cloud customers seeking to evaluate the qualifications of potential assessors such as those included in the U.S. Government’s Federal Risk and Authorization Management Program (FedRAMP) Third Party Assessment Organization (3PAO) program when conducting their own due diligence. Per FedRAMP Program Management Office (PMO) - FedRAMP.gov FAQ: What is a 3PAO?... Read more →
Posted by Matthew Metheny on 01 April 2012 at 08:30 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security, Risk | Permalink
|
Comments (0)
Search
Categories
- (ISC)² Chapters (22)
- (ISC)² Events (159)
- Center for Cyber Safety and Education (52)
- Cloud Security (132)
- Cybersecurity Certifications (376)
- Cybersecurity Training (310)
- Cybersecurity Workforce (242)
- Digital Forensics (29)
- Ethics (52)
- Government (123)
- Insider Risk (56)
- IT Security (372)
- Legal (45)
- Malware (112)
- Network Security (175)
- Operations Security (140)
- Privacy (116)
- Ransomware (83)
- Risk (195)
- Software Development (44)
- Spotlight (71)