Forwarded from Листок бюрократической защиты информации
Роскомнадзор разработал памятку для торговых площадок, использующих персональные данные участников электронных аукционов.
Новый подкласс средств ханипотов- канарейки? https://twitter.com/sb0risov/status/1153300375350521857?s=09
Twitter
Sergey Borisov
Статья про использование "канареек" на службе ИБ https://t.co/vXZIwiOGkE
Mobile Device Security: Corporate-Owned Personally-Enabled | NCCoE
https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/corporate-owned-personally-enabled
https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/corporate-owned-personally-enabled
Siemens contractor pleads guilty to planting logic bomb in company spreadsheets | ZDNet
https://www.zdnet.com/article/siemens-contractor-pleads-guilty-to-planting-logic-bomb-in-company-spreadsheets/
https://www.zdnet.com/article/siemens-contractor-pleads-guilty-to-planting-logic-bomb-in-company-spreadsheets/
ZDNet
Siemens contractor pleads guilty to planting logic bomb in company spreadsheets
Logic bomb would crash spreadsheets after a certain date, resulting in Siemens hiring the contractor to fix the latest bugs.
Инфографика от IBM и института Понемона по стоимости утечек данных.
https://databreachcalculator.mybluemix.net/
https://databreachcalculator.mybluemix.net/
Сценарии пентеста публичного облака.
https://cloudsecurityalliance.org/artifacts/cloud-penetration-testing-playbook/
https://cloudsecurityalliance.org/artifacts/cloud-penetration-testing-playbook/
CSA
Cloud Penetration Testing Playbook | CSA
As cloud services continue to enable new technologies and see massive adoption there is a need to extend the scope of penetration testing into public cloud systems and components. The process described here aims to provide the foundation for a public cloud…
Forwarded from ZLONOV security
Агентство кибербезопасности и безопасности инфраструктуры (The Cybersecurity and Infrastructure Security Agency — CISA) выпустило инфографику о факторах риска беспроводных сетей 5G.
https://www.dhs.gov/sites/default/files/publications/pdm19028_5g_risk_characterizationc_v14_05july2019.pdf
https://www.dhs.gov/sites/default/files/publications/pdm19028_5g_risk_characterizationc_v14_05july2019.pdf
Ransomware: Why cities have become such a big target for cyberattacks - and why it'll get worse | ZDNet
https://www.zdnet.com/article/ransomware-why-cities-have-become-such-a-big-target-for-cyberattacks-and-why-itll-get-worse-before-it-gets-better/
https://www.zdnet.com/article/ransomware-why-cities-have-become-such-a-big-target-for-cyberattacks-and-why-itll-get-worse-before-it-gets-better/
ZDNet
Ransomware: Why cities have become such a big target for cyberattacks - and why it'll get worse
A number of US cities have paid ransoms of hundreds of thousands of dollars after getting caught out by hackers -- and if the business model is working, cybercriminals will keep exploiting it.
Разрыв в представлении о безопасности кода и программирования.
https://www.schneier.com/blog/archives/2019/07/software_develo.html
https://www.schneier.com/blog/archives/2019/07/software_develo.html
Рекомендации по безопасности от Магатэ, в том числе, упоминается ИБ.
https://www.iaea.org/publications/13527/international-nuclear-security-advisory-service-insserv-guidelines
https://www.iaea.org/publications/13527/international-nuclear-security-advisory-service-insserv-guidelines
SP 800-133 Rev. 1, Recommendation for Cryptographic Key Generation | CSRC
https://csrc.nist.gov/publications/detail/sp/800-133/rev-1/final
https://csrc.nist.gov/publications/detail/sp/800-133/rev-1/final
CSRC | NIST
NIST Special Publication (SP) 800-133 Rev. 1, Recommendation for Cryptographic Key Generation
Cryptography is often used in an information technology security environment to protect data that is sensitive, has a high value, or is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. Cryptography…