Another set of international best practices for financial organizations, from the Carnegie Endowment.
https://carnegieendowment.org/2019/07/16/carnegie-launches-cyber-resilience-and-financial-organizations-capacity-building-tool-box-pub-79511
Carnegie Endowment for International Peace
Carnegie Launches the “Cyber Resilience and Financial Organizations: A Capacity-building Tool Box”
Carnegie Endowment for International Peace today released “Cyber Resilience and Financial Organizations: A Capacity-building Tool Box” in partnership with the SWIFT Institute, the original sponsor, the IMF, the Financial Services Information Sharing and Analysis…
The Tool Box contains:
(1) Board-Level Guide: Cybersecurity Leadership;
(2) CEO-Level Guide: Cybersecurity Leadership;
(3) CISO-Level Guide: Protecting Your Organization;
(4) CISO-Level Guide: Protecting Your Customers;
(5) CISO-Level Guide: Protecting Connections to Third Parties; and
(6) Incident Response Guide – each accompanied by a checklist and a supplementary report detailing the various standards and policies that informed the development of the tool box.
TLS Server Certificate Management | NCCoE
https://www.nccoe.nist.gov/projects/building-blocks/tls-server-certificate-management
Organizations that do not have a plan are at higher risk for system outages and security breaches, which can result in:
revenue loss
harm to reputation or brand
loss of privacy
exposure of confidential data to attackers
Forwarded from Листок бюрократической защиты информации
Roskomnadzor has developed a guidance memo for trading platforms that use the personal data of electronic auction participants.
A new subclass of honeypot tools: canaries? https://twitter.com/sb0risov/status/1153300375350521857?s=09
Twitter
Sergey Borisov
An article about using "canaries" in the service of information security https://t.co/vXZIwiOGkE
Mobile Device Security: Corporate-Owned Personally-Enabled | NCCoE
https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/corporate-owned-personally-enabled
Siemens contractor pleads guilty to planting logic bomb in company spreadsheets | ZDNet
https://www.zdnet.com/article/siemens-contractor-pleads-guilty-to-planting-logic-bomb-in-company-spreadsheets/
ZDNet
Siemens contractor pleads guilty to planting logic bomb in company spreadsheets
Logic bomb would crash spreadsheets after a certain date, resulting in Siemens hiring the contractor to fix the latest bugs.