NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
09/15/05
Today's focus: NIST has busy season
Dear security.world@gmail.com,
In this issue:
* NIST cranks out draft publications over the summer
* Links related to Security
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Nokia
Nokia Secure Access System - Continuing the Legacy of Leadership
with SSL VPNs
VPN solutions based on IP Security (IPSec) have been widely
deployed to securely connect multiple office and campus sites,
and Nokia has been offering award-winning IPSec VPN solutions
for several years with deployments around the world. Until
recently, the same IPSec VPN technology has been used for
enterprise remote access solutions. These solutions were
generally limited to enterprise-supplied equipment, such as
laptop PCs. The emergence of SSL technology employed in Nokia
Secure Access System, however, has significantly changed the
landscape for remote access solutions. Learn more!
http://www.fattail.com/redir/redirect.asp?CID=114391
_______________________________________________________________
FREE NETWORK WORLD PRINT SUBSCRIPTIONS - SIGN UP NOW!
Security is one of the most pressing issues in all of IT, and
you need to stay on top of it. Network World delivers the
hottest security news. Network IT Executives depend upon Network
World for the information they need to keep their networks
secure! SUBSCRIBE TODAY AT:
http://www.fattail.com/redir/redirect.asp?CID=114411
_______________________________________________________________
Today's focus: NIST has busy season
By M. E. Kabay
Studying information assurance through effective statistical
research methods is difficult. People often don't notice
computer security breaches until long after they have occurred
(or not at all) or they are reluctant to report these breaches -
and anyway, there is no centralized agency to collate such
incident reports.
In the absence of clear analytical information, we are often
thrown back upon "best practices." These compendia of common
sense, industry standards, and opinions of security experts are
as close as we get to strict standards in our field.
Anyone interested in helping to define best practices in
information assurance can turn to the National Institute of
Standards and Technology (NIST) Computer Security Resource
Center (CSRC) of the Computer Security Division (CSD). That's
where the Draft Publications are posted for comment
<http://csrc.nist.gov/publications/drafts.html>.
The months of July and August have been a busy season for the
contributors to these drafts. The list of new titles is
unusually long:
* Draft Special Publication 800-56, Recommendation for Pair-Wise
Key Establishment Schemes Using Discrete Logarithm Cryptography
* Draft Special Publication 800-53A, Guide for Assessing the
Security Controls in Federal Information Systems
* Draft Federal Information Processing Standards (FIPS)
Publication 200, Minimum Security Requirements for Federal
Information and Information Systems
* Draft Special Publication 800-18 Revision 1, Guide for
Developing Security Plans for Federal Information Systems
* Draft NIST Special Publication 800-85, PIV Middleware and PIV
Card Application Conformance Test Guidelines
* Draft NIST Special Publication 800-87, Codes for the
Identification of Federal and Federally-Assisted Organizations
* Draft NIST Special Publication 800-40 Version 2, Creating a
Patch and Vulnerability Management Program
* Draft NIST Special Publication 800-81, Secure Domain Name
System (DNS) Deployment Guide
* Draft NIST Special Publication 800-83, Guide to Malware
Incident Prevention and Handling
* Draft NIST Special Publication 800-84, Guide to
Single-Organization IT Exercises
* Draft NIST Special Publication 800-86, Guide to Computer and
Network Data Analysis: Applying Forensic Techniques to Incident
Response
* Draft NIST Special Publication 800-26 Revision 1, Guide for
Information Security Program Assessments and System Reporting
Form
Readers interested in being notified of new security
publications from NIST should sign up for alerts
<http://csrc.nist.gov/compubs-mail.html>.
I'll be looking at some of these Draft Publications in more
detail in upcoming columns.
The top 5: Today's most-read stories
1. McAfee, Omniquad top anti-spyware test
<http://www.networkworld.com/nlsecuritynewsal6949>
2. Google hacking
<http://www.networkworld.com/nlsec6691nlsecuritynewsal6714>
3. Supermarket chain freezes Internet access
<http://www.networkworld.com/nlsec6641nlsecuritynewsal6679>
4. Cisco tackles RFID in the network
<http://www.networkworld.com/nlsec7096>
5. What's the best way to protect against spyware?
<http://www.networkworld.com/nlsecuritynewsal6950>
_______________________________________________________________
To contact: M. E. Kabay
M. E. Kabay, Ph.D., CISSP, is Associate Professor in the
Division of Business and Management at Norwich University in
Northfield, Vt. Mich can be reached by e-mail
<mailto:mkabay@norwich.edu> and his Web site
<http://www2.norwich.edu/mkabay/index.htm>.
New information assurance journal - Norwich University Journal
of Information Assurance (NUJIA). See
<http://nujia.norwich.edu/>
_______________________________________________________________
This newsletter is sponsored by Nokia
Nokia Secure Access System - Continuing the Legacy of Leadership
with SSL VPNs
VPN solutions based on IP Security (IPSec) have been widely
deployed to securely connect multiple office and campus sites,
and Nokia has been offering award-winning IPSec VPN solutions
for several years with deployments around the world. Until
recently, the same IPSec VPN technology has been used for
enterprise remote access solutions. These solutions were
generally limited to enterprise-supplied equipment, such as
laptop PCs. The emergence of SSL technology employed in Nokia
Secure Access System, however, has significantly changed the
landscape for remote access solutions. Learn more!
http://www.fattail.com/redir/redirect.asp?CID=114390
_______________________________________________________________
ARCHIVE LINKS
Archive of the Security newsletter:
http://www.networkworld.com/newsletters/sec/index.html
Security Research Center:
http://www.networkworld.com/topics/security.html
Instant sign-up for Security News Alert:
http://www.networkworld.com/isusecna
Instant sign-up for Virus & Bug Patch Alert:
http://www.networkworld.com/isubug
_______________________________________________________________
FEATURED READER RESOURCE
IS IT THE NETWORK OR THE STORAGE THAT'S THE PROBLEM?
Midsize and larger businesses often find their IT topology has
become a complex mix of servers, networks and storage systems.
Many of these companies also route long-haul traffic over
fiber-based networks - metropolitan-area networks, WANs and
private optical networks. Who's responsible when a
storage-related problem occurs on a fiber network? For more,
click here:
<http://www.networkworld.com/nlsecuritynewsal7053>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2
International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES
To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>
To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>
Subscription questions? Contact Customer Service by replying to
this message.
This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772
For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>
Copyright Network World, Inc., 2005
No comments:
Post a Comment