SP 800-210, General Access Control Guidance for Cloud Systems | CSRC
https://csrc.nist.gov/publications/detail/sp/800-210/final
https://csrc.nist.gov/publications/detail/sp/800-210/final
CSRC | NIST
NIST Special Publication (SP) 800-210, General Access Control Guidance for Cloud Systems
This document presents cloud access control characteristics and a set of general access control guidance for cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). Different service delivery…
Security & Privacy Compliance in Work from Home Situations
August 06, 2020
12:00 PM (EDT) / 11:00 AM (CDT) / 9:00 AM (PDT) / 4:00 PM (UTC) |Webinar
https://www.isaca.org/education/online-events/lms_w080620
August 06, 2020
12:00 PM (EDT) / 11:00 AM (CDT) / 9:00 AM (PDT) / 4:00 PM (UTC) |Webinar
https://www.isaca.org/education/online-events/lms_w080620
No actively exploited zero-days have been found in Linux, Safari, or macOS since 2014, when Google began tracking this stat.
2019 was the first year when an Android zero-day was discovered.
Not all zero-days impacted the latest version of the OS/software.
Google suspects some software vendors are hiding actively exploited zero-days as mundane bugfixes.
Google says there's a detection bias towards Microsoft, as there are more security tools specialized in detecting Windows bugs.
Google says it's hard to find zero-days on mobile platforms due to walled garden and app sandbox approaches.
63% of 2019's 0-day vulnerabilities were memory corruption bugs (Same 63% figure also applies to 2020 H1's zero-days. This is also in tune with stats released by Microsoft and Google in 2019, both claiming that 70% of all Microsoft security bugs and 70% of all Chrome vulnerabilities are memory safety issues) (In 2020, 63% of all).
Google said that it plans to publish an annual Zero-Day Year in Review report each year, going forward.
2019 was the first year when an Android zero-day was discovered.
Not all zero-days impacted the latest version of the OS/software.
Google suspects some software vendors are hiding actively exploited zero-days as mundane bugfixes.
Google says there's a detection bias towards Microsoft, as there are more security tools specialized in detecting Windows bugs.
Google says it's hard to find zero-days on mobile platforms due to walled garden and app sandbox approaches.
63% of 2019's 0-day vulnerabilities were memory corruption bugs (Same 63% figure also applies to 2020 H1's zero-days. This is also in tune with stats released by Microsoft and Google in 2019, both claiming that 70% of all Microsoft security bugs and 70% of all Chrome vulnerabilities are memory safety issues) (In 2020, 63% of all).
Google said that it plans to publish an annual Zero-Day Year in Review report each year, going forward.
ITL Bulletin , Security Considerations for Exchanging Files Over the Internet | CSRC
https://csrc.nist.gov/publications/detail/itl-bulletin/2020/08/security-considerations-for-exchanging-files-over-the-internet/final
https://csrc.nist.gov/publications/detail/itl-bulletin/2020/08/security-considerations-for-exchanging-files-over-the-internet/final
CSRC | NIST
ITL Bulletin August 2020, Security Considerations for Exchanging Files Over the Internet
Every day, in order to perform their jobs, workers exchange files over the Internet through email attachments, file sharing services, and other means. To help organizations reduce potential exposure of sensitive information, NIST has released a new Information…
Forwarded from Пост Лукацкого
Проект национального стандарта ГОСТ Р
«Защита информации. Обнаружение, предупреждение и ликвидация последствий компьютерных атак и реагирование на компьютерные инциденты. Термины и определения» https://t.co/N0WAs5uirc— Alexey Lukatsky (@alukatsky) August 4, 2020
«Защита информации. Обнаружение, предупреждение и ликвидация последствий компьютерных атак и реагирование на компьютерные инциденты. Термины и определения» https://t.co/N0WAs5uirc— Alexey Lukatsky (@alukatsky) August 4, 2020
Cyber Career Pathways Tool | National Initiative for Cybersecurity Careers and Studies
https://niccs.us-cert.gov/workforce-development/cyber-career-pathways
https://niccs.us-cert.gov/workforce-development/cyber-career-pathways
National Initiative for Cybersecurity Careers and Studies
Cyber Career Pathways Tool
Interactively explore the NICE Cybersecurity Workforce Framework according to five distinct skill communities and attributes for 52 work roles.
AI-enabled future crime | Crime Science | Full Text
https://crimesciencejournal.biomedcentral.com/articles/10.1186/s40163-020-00123-8
https://crimesciencejournal.biomedcentral.com/articles/10.1186/s40163-020-00123-8
SpringerLink
AI-enabled future crime
Crime Science - A review was conducted to identify possible applications of artificial intelligence and related technologies in the perpetration of crime. The collected examples were used to devise...