WELCOME

 

  THE MORE YOU KNOW, THE SAFER YOU ARE  
     
     
LINKS

BLACKHAT.COM

DIGITALOFFENSE.NET

METASPLOIT.COM

NESSUS.ORG

OSVDB.ORG

 

 

In this timely book, Digital Defense - What you should know about protecting your company's assets, leading security and privacy expert Thomas J. Parenty demystifies computer and network security for non-technical managers, taking them beyond hackers, firewalls, and virus protection to outline a holistic approach to information security that promotes business growth.

 

 

A COMPUTER SECURITY AUDIT is a manual or systematic measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems. Automated assessments, or CAATs, include system-generated audit reports or the use of software to monitor and report changes to files and settings on a system. Systems can include personal computers, servers, mainframes, network routers, and switches. Applications can include Web Services, Microsoft Project Central, and Oracle Database (examples only).

 
 

RISK ASSESSMENT is a step in a risk management process. Risk assessment is the determination of the quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called a hazard). Quantitative risk assessment requires calculation of two components of risk, R: the magnitude of the potential loss, L, and the probability, p, that the loss will occur.

 
 

A PENETRATION TEST is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine feasibility of an attack and the amount of business impact of a successful exploit, if discovered. It is a component of a full security audit.

 
 

VULNERABILITY ASSESSMENT is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed include, but are not limited to, nuclear power plants, information technology systems, energy supply systems, water supply systems, transportation systems, and communication systems. Vulnerability assessments can be conducted for anything from small businesses to large regional infrastructures. Vulnerability from the perspective of Disaster Management means assessing the threats from potential hazards to the population and to the infrastructure developed in that particular. It can be done in political, social, economic, and environmental fields.

 
 

NATIONAL CREDIT UNION ASSOCIATION (NCUA) 12 CFR Part 748

 

 

The Gramm-Leach-Bliley Act (the GLB Act or Act) requires the NCUA Board to establish appropriate standards for federally insured credit unions relating to administrative, technical, and physical safeguards for member records and information. These safeguards are intended to: insure the security and confidentiality of member records and information; protect against any anticipated threats or hazards to the security or integrity of such records; and protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any member.
 
     
 


 
 
 
comments? IS5416 [Shift 2] securityhill [dot] com