CWE list now includes hardware security weaknesses - Help Net Security
https://www.helpnetsecurity.com/2020/02/27/hardware-security-weaknesses/
Help Net Security
The Mitre Corporation has released version 4.0 of the Common Weakness Enumeration list, which has been expanded to include hardware security weaknesses.
SP 800-133 Rev. 2 (Draft), Recommendation for Cryptographic Key Generation | CSRC
https://csrc.nist.gov/publications/detail/sp/800-133/rev-2/draft
CSRC | NIST
NIST Special Publication (SP) 800-133 Rev. 2 (Draft), Recommendation for Cryptographic Key Generation
Cryptography is often used in an information technology security environment to protect data that is sensitive, has a high value, or is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. Cryptography…
Forwarded from Пост Лукацкого
OWASP has released a free threat modeling tool, Threat Dragon https://t.co/nRrLEMh28Y
— Alexey Lukatsky (@alukatsky) March 7, 2020
GitHub
owasp-threat-dragon/README.md at master · mike-goodwin/owasp-threat-dragon
An open source, online threat modelling tool from OWASP - mike-goodwin/owasp-threat-dragon
Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
The MITRE ATT&CK team has shared its plans for 2020. Among other things:
- They are evaluating merging MITRE ATT&CK for ICS into a single MITRE ATT&CK (into which it has already been decided to combine PRE-ATT&CK, Mobile ATT&CK, and Enterprise ATT&CK)
- They plan to publish a mapping of MITRE ATT&CK techniques to the NIST 800.53 v4 controls that counter them (and to other frameworks)
https://medium.com/mitre-attack/2020-attack-roadmap-4820d30b38ba
Medium
2020 ATT&CK Roadmap
Taking a look back at 2019 and presenting a 2020 roadmap for ATT&CK
Nice casebook about US law in Cybersecurity.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3547103
Ssrn
Cybersecurity Law, Policy, and Institutions (version 3.1)
This is the full text of my interdisciplinary “eCasebook” designed from the ground up to reflect the intertwined nature of the legal and policy questions associ
ISO - Keeping biometric data on the same page with new International Standards
https://www.iso.org/news/ref2478.html
ISO
Keeping biometric data on the same page with new International Standards
Biometric data interchange formats provide the common language that allows for interoperability between different biometric technologies. As the field of applications has grown to give rise to different generations of such formats, so too has the need to…
NICE Webinar Series | NIST
NICE Framework Uses and Success Stories
https://www.nist.gov/itl/applied-cybersecurity/nice/events/webinars
DOJ's totally non-binding guide to legal cyber research -- FCW
"The document offers non-binding legal guidance for how to navigate cyber intelligence gathering on the internet, particularly for sites that 'openly advertise illegal services and the sale of stolen credit card numbers, compromised passwords, and other sensitive information.'"
https://fcw.com/articles/2020/03/03/doj-cyber-research-guide-johnson.aspx?m=1
FCW
The document offers non-binding legal guidance for how to navigate cyber intelligence gathering on the Internet, particularly for sites that advertise illegal services.
Future of Data Protection, Privacy & IT Risk Management 2020
ISACA Virtual Summit
March 25, 2020
https://www.isaca.org/education/online-events/lms_wvs0320?cid=sm_2003300