SEARCH RESULTS
 
Showing 1-10 of 36 records
 

Effective Security with a Continuous Approach to ISO 27001 Compliance

2008-07-10 13:00:00 by Editor in Computerworld Security News
 
...ISO 27001 standard is primarily referred to as the Information Security Management System (ISMS) certification standard. Organizations that seek to implement an ISMS are examined against ISO 27001. As with several global standards, the scope of this standard is far reaching, with several sets of control objectives and guidelines. Its...
 
 
 
 
 

How To Burn An ISO Image To A Bootable CD

2007-10-09 00:26:44 by Editor in Irongeek's Security Site
 
New Video: How To Burn An ISO Image To A Bootable CD. Ok, I know it does not seem a worthy topic for the Hacking Illustrated Series InfoSec Tutorial Videos, but you have to admit the question gets asked a lot. Now we have something to point people to when they ask on forums how to burn an ISO using a free application. Feel free to link to this...
 
 
 
 
 

ISO 27001 Adoption Poll Results are In

2008-08-28 09:00:00 by Dave Howell in Speaking of Security, the RSA Blog and Podcast
 
...ISO 27001" adoption. A question posed to readers at the end of the piece: "How far off are we from the point at which ISO 27001 certifications in the U.S. are standard operating procedure for businesses -- the exception, rather than the rule Well, the results are in! Our servers nearly crashed thanks to the influx of responses, but,...
 
 
 
 
 

The Long Road Towards an ISO 27001 "Tipping Point" (and a true Reader's Poll!)

2008-07-22 00:00:00 by Dave Howell in Speaking of Security, the RSA Blog and Podcast
 
...ISO 27002, or active work to get the standard implemented in some fashion. This isn't necessarily surprising, particularly when you're talking with highly regulated companies or those more apt to understand information risk management, overall (e.g., those in banking, insurance and utilities, or more recently, thanks to PCI DSS, retail)....
 
 
 
 
 

How Do I Get ISO27001 Certification?

2008-05-20 17:31:23 by Carsten Casper, Research Director in IT Leaders - Security and Risk Management
 
...ISO 27001 (or at least of its U.K. predecessor, BS7799-2). Now, more and more people wonder: How do I get a certificate for my organization? While in some countries (such as the U.K. and Germany), it's more common to get a certificate, in the U.S. it's not. Well, there are two ways to approach this: Find an accredited auditor (person), or...
 
 
 
 
 

Risk Management and Analysis Standards Update

2008-06-17 16:51:27 by Alex in RiskAnalys.is
 
...ISO risk management stuff, there's OCTAVE and NIST 800-30 and AS/NZ 340 and CRAM and FRAP and others And this is where I think FAIR and The Open Group have a good fit. FAIR as a model for analysis, does not compete but rather complements OCTAVE and NIST 800-30 and ISO 2700x (That reminds me, Rybolov, I've got to respond to your 800-30 article)....
 
 
 
 
 

The Arizona Office of the Auditor General finds plenty of holes

2008-06-23 12:28:27 by Evan Francen in The Breach Blog
...ISO) positions and made these ISOs responsible for information security efforts university-wide. Until the ISOs were hired, the universities have not had any staff whose sole responsibility included directing and coordinating all aspects of information security across the university Evan] Typically, this position is more effective if it...
 
 
 
 
 

Orkut XSS Worm

2007-12-20 16:18:37 by RSnake in ha.ckers.org web application security lab
 
...ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Content-Type: application/x-www-form-urlencoded Referer: http://www.orkut.com/Scrapbook.aspx?uid Cookie: -xxxxxxxxx Pragma: no-cache Cache-Control: no-cache Content-Length: 98 POST...
 
 
 
 
 

Moto Q9 DoS and Fingerprinting

2008-01-12 18:10:21 by RSnake in ha.ckers.org web application security lab
 
...iso-8859-1, utf-8, utf-16, *;q=0.1 HTTP ACCEPT ENCODING = deflate, gzip HTTP ACCEPT LANGUAGE = en HTTP CACHE CONTROL = no-cache HTTP USER AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Opera 8.65 [en] UP.Link/6.3.1.17.0 HTTP VIA = 1.1 alnmagr1fe09WAP2-mbl HTTP X UP DEVCAP ACCEPT LANGUAGE = en HTTP X UP DEVCAP CHARSET =...
 
 
 
 
 

Maslow's heirarchy of security posture?

2007-07-08 17:22:32 by RaviC in Musings on Information Security
...ISO 27001, COBIT]. These are companies that are ISO 27001 compliant or heading in that direction. They routinely audit security practices, identify non-conformances and act on it to improve and this process goes on and on. These companies tend to be mid-size to large publicly traded companies. Financial institutions strive hard to be in this...