Forwarded from Пост Лукацкого
Австралия разработала пруденциальный стандарт для борьбы с кибератаками для финансовых организаций - https://t.co/mPVLbQFUql
— Alexey Lukatsky (@alukatsky) November 19, 2018
— Alexey Lukatsky (@alukatsky) November 19, 2018
www.apra.gov.au
APRA finalises prudential standard aimed at combating threat of cyber attacks | APRA
The Australian Prudential Regulation Authority (APRA) has released the final version of its prudential standard focused on information security management.
2018_11_16_1_2_draft_agenda_plen.pdf
76 KB
16 ноября состоялось 4 пленарное заседание EDPB (метарегулятор по GDPR ЕС). Повестка встречи во вложении, пресс-релиз ниже по тексту.
European Data Protection Board - Fourth Plenary session: EU-Japan draft adequacy decision, Clinical Trials Regulation and territorial scope. | European Data Protection Board
https://edpb.europa.eu/news/news/2018/european-data-protection-board-fourth-plenary-session-eu-japan-draft-adequacy_en
https://edpb.europa.eu/news/news/2018/european-data-protection-board-fourth-plenary-session-eu-japan-draft-adequacy_en
European Data Protection Board - European Commission
European Data Protection Board - Fourth Plenary session: EU-Japan draft adequacy decision, Clinical Trials Regulation and territorial…
ISACARuSec
European Data Protection Board - Fourth Plenary session: EU-Japan draft adequacy decision, Clinical Trials Regulation and territorial scope. | European Data Protection Board https://edpb.europa.eu/news/news/2018/european-data-protection-board-fourth-plenary…
Из основного :ожидается публичное обсуждение гайда по территориальной применимости GDPR.
Тоже ведь awareness.
https://www.anti-malware.ru/news/2018-11-20-1447/28079
https://www.anti-malware.ru/news/2018-11-20-1447/28079
Anti-Malware.ru
Российские военные пройдут курс по защите государственной тайны
С 2019 года российские военнослужащие будут обязаны пройти обязательный курс по основам защиты государственной тайны. Курс обязателен к прохождению даже для тех военных, которые не имеют
Forwarded from Offshore Channel
🇺🇳 Управление ООН по наркотикам и преступности подготовило онлайн курс по криптовалютам https://learning.elucidat.com/course/58fb3c1e96024-5947c6b4cac4a
SP 800-57 Part 2 Rev. 1 (DRAFT), Best Practices for Key Management Organizations | CSRC
https://csrc.nist.gov/publications/detail/sp/800-57-part-2/rev-1/draft
https://csrc.nist.gov/publications/detail/sp/800-57-part-2/rev-1/draft
CSRC | NIST
NIST Special Publication (SP) 800-57 Part 2 Rev. 1 (Draft), Recommendation for Key Management, Part 2: Best Practices for Key Management…
NIST Special Publication (SP) 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1, Recommendation for Key Management, Part 1: General, provides general guidance and best practices for the management of cryptographic keying…
По отчету парламента Великобритании их КИИ под угрозой.
Security warning: UK critical infrastructure still at risk from devastating cyber attack | ZDNet
https://www.zdnet.com/article/uk-critical-national-infrastructure-at-risk-from-devastating-cyber-attacks-says-government-report/
Security warning: UK critical infrastructure still at risk from devastating cyber attack | ZDNet
https://www.zdnet.com/article/uk-critical-national-infrastructure-at-risk-from-devastating-cyber-attacks-says-government-report/
ZDNet
Security warning: UK critical infrastructure still at risk from devastating cyber attack | ZDNet
Not enough is being done to protect against cyber attacks on energy, water and other vital services.
Минобороны США и министерство внутренней безопасности США договорились о зонах ответственности и координации при инцидентах ИБ.
DoD, DHS reach accord on new steps to cooperate in cyber defense - Federal News Network
http://federalnewsnetwork.com/cybersecurity/2018/11/dod-dhs-reach-accord-on-new-steps-to-cooperate-in-cyber-defense/
DoD, DHS reach accord on new steps to cooperate in cyber defense - Federal News Network
http://federalnewsnetwork.com/cybersecurity/2018/11/dod-dhs-reach-accord-on-new-steps-to-cooperate-in-cyber-defense/
Federal News Network
DoD, DHS reach accord on new steps to cooperate in cyber defense | Federal News Network
A newly-signed memorandum of understanding sets out new ways in which DHS and DoD will share resources to combat cyber threats.
Муди начнет при выставлении кредитных рейтингов учитывать их киберзащищенность. Аналогичные руководства выпустили S&P, Fitch.
Moody's to build business hacking risk into credit ratings
https://www.cnbc.com/2018/11/12/moodys-to-build-business-hacking-risk-into-credit-ratings.html
Moody's to build business hacking risk into credit ratings
https://www.cnbc.com/2018/11/12/moodys-to-build-business-hacking-risk-into-credit-ratings.html
CNBC
Moody's is going to start building the risk of a business-ending hack into its credit ratings
We're getting closer to the time where a cyber event will prove to be business ending, and Moody's wants to be able to find companies with the most exposure
ISACARuSec pinned «Муди начнет при выставлении кредитных рейтингов учитывать их киберзащищенность. Аналогичные руководства выпустили S&P, Fitch. Moody's to build business hacking risk into credit ratings https://www.cnbc.com/2018/11/12/moodys-to-build-business-hacking-risk…»
До конца этого года Департамент внутренней безопасности США планирует составить список критически важных функций.
DHS Aims to ID Critical Functions to Protect from Cyberattacks by Year’s End - Nextgov
https://www.nextgov.com/cybersecurity/2018/11/dhs-aims-id-critical-functions-protect-cyberattacks-years-end/152909/
DHS Aims to ID Critical Functions to Protect from Cyberattacks by Year’s End - Nextgov
https://www.nextgov.com/cybersecurity/2018/11/dhs-aims-id-critical-functions-protect-cyberattacks-years-end/152909/
Nextgov.com
DHS Aims to ID Critical Functions to Protect from Cyberattacks by Year’s End
After the Homeland Security Department identifies the critical functions, it plans to map out all their dependencies.
Для поставщиков в госструктуры США вступают новые требования по кибербезопасности.
GSA proposes new cybersecurity reporting rules for contractors
https://www.fedscoop.com/gsa-proposes-2-new-cybersecurity-reporting-rules-contractors/
GSA proposes new cybersecurity reporting rules for contractors
https://www.fedscoop.com/gsa-proposes-2-new-cybersecurity-reporting-rules-contractors/
FedScoop
GSA proposes new cybersecurity reporting rules for contractors - FedScoop
Two proposed rules from the GSA seek to change how contracting officers communicate agency cybersecurity requirements and contractors report data breaches.
После недавнего образования отделения ISACA в Аммане (Иордания) в ассоциацию входит 221 отделение в 96 странах мира.
4 Tips to Make the Most of Your Security Budget
https://securityintelligence.com/4-tips-to-make-the-most-of-your-security-budget/
https://securityintelligence.com/4-tips-to-make-the-most-of-your-security-budget/
Security Intelligence
4 Tips to Make the Most of Your Security Budget
Getting an increase security budget approved is one thing; spending it effectively is another challenge altogether. Follow these tips to get the most value out of your SOC's funds.
Forwarded from Hacker News
В Германии разработали требования к домашним маршрутизаторам
https://goo.gl/PN1c2t
https://goo.gl/PN1c2t
Сергей Кириенко: «Во власть должны прийти люди из IT» | Экспертный центр электронного государства
http://d-russia.ru/sergej-kirienko-vo-vlast-dolzhny-prijti-lyudi-iz-it.html
http://d-russia.ru/sergej-kirienko-vo-vlast-dolzhny-prijti-lyudi-iz-it.html
Digital Russia
Сергей Кириенко: «Во власть должны прийти люди из IT»
В среду на форуме «Неделя российского Интернета» (Russian Internet Week, RIW2018), проходящем в Москве, первый заместитель главы администрации президента
Exponential risk: The mathematical case for an AI toolkit in enterprise cyber security | ZDNet
https://www.zdnet.com/article/exponential-risk-the-mathematical-case-for-ai-toolkit-enterprise-cyber-security/
https://www.zdnet.com/article/exponential-risk-the-mathematical-case-for-ai-toolkit-enterprise-cyber-security/
ZDNet
Exponential risk: The mathematical case for an AI toolkit in enterprise cyber security | ZDNet
We talk attack vectors and digital security with a threat management pro.
Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
Интересный ресурс (английский) - библиотка шаблонов документов системы управления информационной безопасности в промышленности I-ISMS (Industrial Information Security Management System)
Plan
01 - Company Policy
02 - Scope Definition
03 - Implementation Plan
04 - Asset Register
05 - Risk Management Plan
06 - Risk Register
07 - Statement of Applicability
Do
01 - Guide to Inforsec Vulnerability Analysis
02 - Computer Vulnerability and Risk Analysis
03 - Risk Treatment Plan
04 - Security Controls Identification and Implementation
05 - Business Continuity Plan
06 - Metrics and Measurements
07 - Guide to Windows Hardening
08 - Guide to Windows Firewall Hardening
09 - Guiide to Device Hardening
10 - Guide to Windows Monitoring
11 - Computer Change History
Check
02 - Internal Audit Checklist
03 - Guide to Incident Handling
Act
This part is up to you...
https://nathanpocock.github.io/I-ISMS/
Plan
01 - Company Policy
02 - Scope Definition
03 - Implementation Plan
04 - Asset Register
05 - Risk Management Plan
06 - Risk Register
07 - Statement of Applicability
Do
01 - Guide to Inforsec Vulnerability Analysis
02 - Computer Vulnerability and Risk Analysis
03 - Risk Treatment Plan
04 - Security Controls Identification and Implementation
05 - Business Continuity Plan
06 - Metrics and Measurements
07 - Guide to Windows Hardening
08 - Guide to Windows Firewall Hardening
09 - Guiide to Device Hardening
10 - Guide to Windows Monitoring
11 - Computer Change History
Check
02 - Internal Audit Checklist
03 - Guide to Incident Handling
Act
This part is up to you...
https://nathanpocock.github.io/I-ISMS/
nathanpocock.github.io
Industrial Information Management Security System Template Library
Information Security Management System Document Template Library for Industrial Operations
Опубликовали ГОСТ по управлению мандатными метками в сетевом трафике.
http://protect.gost.ru/v.aspx?control=8&baseC=6&page=0&month=1&year=2018&search=58256&RegNum=1&DocOnPageCount=15&id=223896
http://protect.gost.ru/v.aspx?control=8&baseC=6&page=0&month=1&year=2018&search=58256&RegNum=1&DocOnPageCount=15&id=223896