Tag Archives: SANS

Internet Worms: Walking on Unstable Ground

Source: SANS Institute

Abstract: Each day, worms are becoming a more common occurrence on the Internet. As the incidents increase, we must be thinking proactively in order to lessen the negative effects these worms have on the Internet community. It is important to remember that the livelihood of many businesses is based on an Internet presence. The monetary losses incurred by businesses…


Source: SANS

Yesterday, Mark Weatherford took over as Deputy Undersecretary for CyberSecurity at the U.S. Department of Homeland Security. For the first time in many years, the U.S. cybersecurity program will be run by a technologist rather than by a lawyer. There are good reasons to believe that this change will herald an era of greater balance in national cybersecurity leadership…

A Guide to Security Metrics

Source: SANS Institute

This paper covers the basic aspects of security metrics. If you are interested in learning more about information security metrics and auditing, we recommend taking the SANS SEC410 IT Security Audit & Control Essentials course, available both online and via live classroom training.

The pressure is on. Various surveys indicate that over the past several…

Legislation on Cyber Security

Senate Judiciary Committee Approves Three Cyber Security Bills (September 22, 2011)

The US Senate Judiciary Committee has approved a bill that would establish a national standard for data breach notification and impose harsh penalties for damaging computers that are part of the country’s critical infrastructure. The committee also passed two other bills dealing with cyber security issues.

http://www.bloomberg.com/news/2011-09-22/senate-panel-approves-bill-aimed-at-thwarting-computer-attacks.html …

SANS’ 20 Critical Security Controls

Source: SANS

Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines

The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through. With the change in FISMA reporting implemented on…