ISO IEC 17799
|
|
The need for Security Testing An Introduction to the OSSTMM 3.0
There are a number of myths that companies use to discredit the need for Security testing. This whitepaper will address and discount some of those myths. It will describe the different types of Security testing available to companies and finally introduce the OSSTMM version 3.0.
By Chuck Fullerton, 11/09/2004
|
|
The Common Criteria ISO/IEC 15408 - The Insight, Some Thoughts, Questions and Issues
The Common Criteria – ISO/IEC 15408 – Evaluation Criteria for Information Technology Security represents the outcome of a series of efforts to develop criteria for evaluation of IT Security that are broadly useful within the international community.
By Ariffuddin Aizuddin, 07/08/2004
|
|
Internal SLA (Service Level Agreements) for Information Security
The purpose of this paper is to advocate for the establishment of internal SLAs between the Information Technology team and the Information Security team.
By Eric Hansen, 07/08/2004
|
|
Protection Profile, A Key Concept in The Common Criteria
This paper will give a description of the roadmap to the Common Criteria (CC) that basically explains the distinct but related parts and how three key CC user groups, namely the consumers, developers and evaluators, use them.
By Nor Ramli, 07/08/2004
|
|
Common Criteria and Protection Profiles: How to Evaluate Information
The purpose of this paper is to discuss the standards of Common Criteria and the security framework provided by the Common Criteria. In addition, this paper will review the background and applicability of Common Criteria Protection Profiles established to evaluate specific Information Technology (IT) functional and assurance security requirements.
By Kathryn Wallace, 07/08/2004
|
|
The Trusted PC: Current Status of Trusted Computing
This paper, focusing on the Trusted Computing Group’s standards, will provide an overview of trusted computing as it stands today: its methods, applications, possible pitfalls and current implementations.
By Christopher Hageman, 07/08/2004
|
|
An Introduction to Certification and Accreditation
This paper will examine the C&A process, the guidance that helps define the Security Requirements, and the responsible parties and their roles, to provide a basic understanding of C&A.
By Joseph Zadjura, 07/08/2004
|
|
Information Security Gets a Seat at the Table
Basel II, like many complex issues, requires inter-disciplinary skills, and information Security professionals have much to contribute. The issues, practices and even parts of the language are familiar. But to be effective, Information Security professionals need to do a better job of learning the “local language” of the industry they serve.
By Kent Nabors, 07/08/2004
|
|
Site Security Handbook
This handbook is a guide to developing computer security policies and procedures for sites that have systems on the Internet. The purpose of this handbook is to provide practical guidance to administrators trying to secure their information and services. The subjects covered include policy content and formation, a broad range of technical system and network security topics, and security incident response.
By B. Fraser, 06/23/2004
|
|
NIST - Guide for Mapping Types of Information and Information Systems to Security Categories
This guideline is less prescriptive for mission-based information than for administrative and support information because there is significantly less commonality of mission information types among agencies than is the case for administrative and support information. Types of information can normally be divided into information associated with administrative activities common to most agencies and information associated with an agency’s mission-specific activities. In this guideline, administrative, management, and support information is referred to as management and support information. While specific administrative and support information types are identified in this guideline, the treatment of mission-based information focuses on general guidelines for identification of information types and assignment of impact levels.
By NIST, 06/16/2004