Standards & Guidelines

NIST SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations

The National Institute of Standards and Technology (NIST) has released a new risk management framework guideline. NIST has named the document Security Publication (SP) 800-37 Rev. 2: "Risk Management Framework for Information Systems and Organizations: ...

Many organizations lacking adoption of key CIS controls

A recent survey conducted by Tripwire revealed organizations are not fully adopting security controls from key benchmarks, such as the Center for Internet Security (CIS). CIS established the "top 20" set of critical security controls ...

PCI DSS 3.2.1 Security Standard update

The PCI Security Standards Council (PCI SSC) has published a minor revision to the PCI Data Security Standard (PCI DSS) for organizations that handle branded credit cards from the major card networks. The latest version ...

PCI security standards for mobile point of sale

The PCI Security Standards Council (PCI SSC) announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf devices (COTS), to include smartphones and tablets. According to the press release on Wednesday, the PCI Software-Based PIN ...

My 6 Favorite Mac Security Hardening Recommendations

In the wake of Apple's most recent and embarrassing blunder regarding the macOS High Sierra root login flaw, I felt it was a good time to revisit Apple Mac hardening guidelines that can help users ...

What Are Application Containers And How Do I Secure Them?

You may have wondered what application containers are, let alone how to secure them. The National Institute of Standards and Technology (NIST) sets out to explain the benefits and security concerns with application container technologies ...

New Email Security Guidelines To Combat Phishing Threats

The NIST standard, SP 800-177 Revision 1, Trustworthy Email (Draft) was released last month and offers up-to-date security guidance to include SPF, DKIM, DMARC, and email digital signatures and encryption (via S/MIME), among others. Update: ...

Introduction to Information Security: 11 Key Takeaways

In case you missed it, the National Institute of Standards and Technology (NIST) published a new guideline "An Introduction to Information Security" for individuals looking to get a better understanding of introductory information security best ...