De-mystifying Secure Software Development Webinar | NCCoE
https://www.nccoe.nist.gov/events/de-mystifying-secure-software-development-webinar
www.nccoe.nist.gov
Background
Forwarded from Пост Лукацкого
A fresh Exabeam report on SOCs - https://t.co/1aWXBzZoS0 Much of it echoes the Russian SOC study published by @BISJournal - https://t.co/wf3O9vh8RU pic.twitter.com/rvgqKH4UVe
— Alexey Lukatsky (@alukatsky) June 17, 2020
TLS Server Certificate Management | NCCoE
https://www.nccoe.nist.gov/projects/building-blocks/tls-server-certificate-management
Forwarded from dukeBarman
Besides that, https://open-security-summit.org/ is taking place right now. The first day has just finished: https://www.youtube.com/watch?v=2B1U1GR-jzU This track is devoted to "Threatmodel Tool Demos".
open-security-summit.org
Open Security Summits in 2024
The Open Security Summit is focused on the collaboration between Developers and Application Security. Using the same model as the previous OWASP Summits, this 5-day event will be a high-energy experience, during which attendees get the chance to work and…
Using the FedRAMP OSCAL Resources and Templates | FedRAMP.gov
https://fedramp.gov/using-the-fedramp-oscal-resources-and-templates/
www.fedramp.gov
The FedRAMP PMO, in collaboration with NIST, is working to digitize the authorization package through the development of a common machine-readable language, ...
A new stage of IDS/IPS evolution: through NTA to NDR.
https://www.gartner.com/doc/reprints?id=1-1Z8C9OAX&ct=200612&st=sb
A nice teaching story about the importance of IAM/PAM and MFA, with references to several guides.
https://twitter.com/gvnshtn/status/1274737971107901441?s=09
Twitter
gvnshtn
Maersk, me & notPetya https://t.co/keitEjG38N Hope this helps ❤ #CyberAttack #CyberSecurity #PAM #AzureAD #ActiveDirectory #Baseline #MFA #Maersk #notPetya
InfoSec World 2020: Companies deficient in security compliance, training
https://www.scmagazine.com/infosec-world-2020/risk-assessments-reveal-businesses-remain-deficient-in-security-compliance-training/
SC Media
Of 100+ businesses that conducted a risk self-assessment, over 65% admitted to reaching zero-to-minimal compliance of state privacy/security regulations.
A good manual, updated every (!) month.
Australian Government Information Security Manual (ISM) | Cyber.gov.au
https://www.cyber.gov.au/acsc/view-all-content/ism
www.cyber.gov.au
Information security manual | Cyber.gov.au
The Information security manual (ISM) is a cybersecurity framework that an organisation can apply, using their risk management framework, to protect their information technology and operational technology systems, applications and data from cyberthreats.
It looks like official hardware bugs and backdoors are moving from mythical to lawful; this must be considered during risk assessments.
https://www.theregister.com/2020/06/24/us_encryption_backdoor/
The Register
After huffing and puffing for years, US senators unveil law to blow the encryption house down with police backdoors
Lawmakers will attempt to bend the laws of mathematics to their will
Forwarded from Пост Лукацкого
A useful overview by Valery Estekhin of the new Bank of Russia Regulation No. 716-P of 08.04.2020 on operational risk management, in the part concerning the planning of information security departments' activities https://t.co/qmAX1txb65
— Sergey Borisov (@sb0risov) June 26, 2020
Blogspot
Year 2022. The New Bank of Russia Regulation No. 716-P of 08.04.2020
Everything in this life is built on risk assessment. Read about the action plan for information security and IT departments for implementing Bank of Russia Regulation No. 716-P here. ...
ITL Bulletin, NIST Privacy Framework: An Overview | CSRC
https://csrc.nist.gov/publications/detail/itl-bulletin/2020/06/nist-privacy-framework/final
CSRC | NIST
ITL Bulletin June 2020, NIST Privacy Framework: An Overview
This bulletin summarizes the information found in the voluntary NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Version 1.0). The Privacy Framework is a tool developed in collaboration with stakeholders intended to…
Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
IEC has released the final version of the standard IEC 62443-3-2:2020 Security for industrial automation and control systems - Part 3-2: Security risk assessment for system design. Available for purchase.
IEC 62443-3-2:2020(E) establishes requirements for:
• defining a system under consideration (SUC) for an industrial automation and control system (IACS);
• partitioning the SUC into zones and conduits;
• assessing risk for each zone and conduit;
• establishing the target security level (SL-T) for each zone and conduit; and
• documenting the security requirements.
https://webstore.iec.ch/publication/30727