ISO IEC 17799
|
|
The New Common Criteria Security Evaluation Scheme and the Windows 2000 Evaluation
The award of Windows 2000 Common Criteria (CC) impacts everyone who uses, deploys, and manages Windows 2000-based infrastructures. Common Criteria provides a certain level of quality assurance by allowing customers to apply a consistent, stringent, and independently verified set of evaluation requirements. It also provides customers with detailed information on enabling higher security in their actual implementation and deployment of Windows 2000. Windows 2000 CC empowers customers to make informed security decisions in several ways:
04/23/2004
|
|
Using a Capability Maturity Model to Derive Security Requirements
This model provides industry best practice guidance without being specific as to how security solutions are implemented. A security engineer is often assigned to a project that already has defined security objectives. But on occasion, the security engineer may be tasked with the initial definition of the objectives. While this assignment may be exciting because of the important role the security engineer is to play, it may also be somewhat daunting due to the large solution space. In order to guide one's efforts in this task, the security engineer could turn to the Systems Security Engineering Capability Maturity Model (SSE-CMM). The SSE-CMM provides a broad list of "base practices" from which the security engineer can benefit when defining the objectives of the security implementation. This paper will discuss the use of these base practices in the formation of security requirements.
03/26/2004
|
|
Introduction to ITIL
ITIL stands for Information Technology Infrastructure Library; it is a framework used for IT process management. It was started in the late 1980s by the UK's Office of Government and Commerce (OGC). It was originally a set of 40 different books, but has recently been streamlined into 7 different sections. Each section describes a set of Service Management Processes. ITIL is an industry-, technology-, and vendor-independent de facto standard.
Mitchell Rowton
03/19/2004
|
|
NIST - Security Metrics Guide for Information Technology Systems
This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security protection resources or identify and evaluate nonproductive controls. It explains the metric development and implementation process and how it can also be used to adequately justify security control investments. The results of an effective metric program can provide useful data for directing the allocation of information security resources and should simplify the preparation of performance-related reports.
03/01/2004
|
|
COBIT Mapping
COBIT (Control Objectives for Information and related Technology) was originally released as an IT process and control framework linking IT to business requirements. It was initially used mainly by the assurance community in conjunction with business and IT process owners. Beginning with the addition of Management Guidelines in 1998, COBIT is now being used more and more as a framework for IT governance, providing management tools such as metrics and maturity models to complement the control framework.
02/23/2004
|
|
Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
NIST has completed Revision A of NIST Special Publication 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security). In response to public comments received after the release of the original document, Revision A updates SP 800-27 by grouping principles into categories to facilitate understanding and use.
02/23/2004