Cornell a LIIder in cyberlaw resources
In the last column, I suggested that information assurance (IA) professionals need to keep abreast of legal developments and provided a list of resources for self-study of cyberlaw. Today I am pointing readers to the single most valuable research tool anyone can find in following developments in law that affect IA (or any kind of law).

Pay attention to cyberlaw
Not being a lawyer does not absolve us from knowing about basics of the law in the jurisdictions where we work. At a minimum, IA professionals need to be familiar with elements of criminal law such as definitions of cybercrimes, proper procedures for collaborating effectively with law enforcement officials, methods of collecting and preserving data as evidence that can successfully be used in criminal trials, and intellectual property law.

Visible Ops Security, Phase 4
In the last four columns, I have been pointing out some of the excellent recommendations from the booklet called "Visible Ops Security: Achieving Common Security and IT Operations Objectives in 4 Practical Steps," by Gene Kim, Paul Love and George Spafford. Today I'm reviewing their chapter entitled, "Phase 4: Continual Improvement." But first, a little historical digression.

Visible Ops Security, Phase 3
In the last three columns, I have been highlighting the excellent booklet called "Visible Ops Security: Achieving Common Security and IT Operations Objectives in 4 Practical Steps," by Gene Kim, Paul Love and George Spafford. Today I'm reviewing their chapter entitled, "Phase 3: Implement Development and Release Controls."

Visible Ops Security, Phase 2
In the last two columns, I introduced the excellent booklet called Visible Ops Security: Achieving Common Security and IT Operations Objectives in 4 Practical Steps, by Gene Kim, Paul Love and George Spafford. Today I'm reviewing their chapter entitled, "Phase 2: Find Business Risks and Fix Fragile Artifacts."

Visible Ops Security, Phase 1
In my last column, I introduced the excellent booklet called "Visible Ops Security: Achieving Common Security and IT Operations Objectives in 4 Practical Steps," by Gene Kim, Paul Love and George Spafford. Phase 1 provides a chilling reminder of how badly information assurance implementation can go wrong.

Introducing Visible Ops Security
In my last column, I wrote about the Visible Ops Handbook, which I recommend to everyone involved in system and network operations. Today I continue on the same theme by starting a review of the newer booklet, "Visible Ops Security: Achieving Common Security and IT Operations Objectives in 4 Practical Steps," by Gene Kim, Paul Love and George Spafford.

Visible Ops Handbook
Today I am reviewing a well-known handbook that applies ITIL principles to system and network operations. 'Visible Ops Handbook: Starting ITIL in 4 Practical Steps' by Kevin Behr, Gene Kim and George Spafford (2004), published by the IT Process Institute, is a superb little booklet available online for $20; a PDF version is also available for download. We use this booklet in the Master of Science in Information Assurance (MSIA) program at Norwich University.

Fab tool pick: IceSword weeds out rootkits
When you get beyond the fact that this tool was written in China, IceSword has a fan in blogger Jimmy Ray Purser, who has used it to circumvent a number of rootkit hiding methods.

Using Server Authentication certificates with the Remote Desktop Gateway
Many people seem daunted by the concept of certificates, so Microsoft Subnet blogger Tyson Kopczynski offers a three-part series that dives into how the RD Gateway uses certificates.

Microsoft promises integrated, identity-aware security platform
In an interview with John “JG” Chirapurath, director of marketing for the Identity & Security (I&S) unit at Microsoft, he discussed Identity Lifecycle Manager 2; Forefront (Stirling); Intelligent Application Gateway SP2 and Microsoft's vision for a comprehensive, identity aware platform.

Stop data leaks
Yes, you can keep sensitive data from leaving your organization. Our revamped Product Guide tells you what you need to know, including 5 questions to ask data-leak protection vendors before buying.

January giveaways from Cisco Subnet and Microsoft Subnet
Up for grabs: Two Cisco training courses from Skyline-ATS worth up to $6,990, a Microsoft training course from New Horizons worth up to $2,500, 15 copies each of the hot book titles Microsoft SQL Server 2008 Management and Administration, IPv6 Security and Chained Exploits: Advanced Hacking Attacks. Get all the entry details here.