Archive for November, 2006

NIST Releases Security Guide for Managers

Wednesday, November 15th, 2006

This guide is written specifically for top-level security and information management (CSOs, CIOs, etc.). It addresses the requirements of various security policies and laws, such as the Clinger-Cohen Act (CCA) and FISMA.

Grab a copy from: http://csrc.nist.gov/publications/nistpubs/800-100/sp800-100.pdf

Some Good Security and Audit Resources

Wednesday, November 15th, 2006

I’ve been scouring through my old notes for some audit and security-related resources and I bumped into these:

Auditnet Security Management
http://www.auditnet.org/SecurityMgmt.htm

Ask the Auditor: Who is Responsible for Information Security?
http://www.itcinstitute.com/display.aspx?ID=1823

Security Benchmark
http://www.securitybenchmark.com/

IT Audit Checklist for Risk Management Now Available!

Wednesday, November 15th, 2006

Dan Swanson’s latest white paper is now available at ITCI.
The IT Audit Checklist for Risk Management offers:

  • 80 specific checklist items to help assess your audit-readiness
  • Clarification on what auditors want to see
  • Tips on how to effectively communicate with an auditor
  • Pointers on audit preparation, testing, and reporting

You can grab a copy at:
http://www.itcinstitute.com/display.aspx?id=2499

Note: A brief registration is required to download the “free” paper.

The 2007 ISACA Manila Annual Conference

Wednesday, November 15th, 2006
March 05, 2007 - March 06, 2007
You can register for this event here:
http://www.isacaphil.org/eventreg.php?id=27

Webcast: Web Hacking Exposed 2

Wednesday, November 15th, 2006

During this on-demand webcast, you will learn:

  • Lessons learned by the authors while writing the book
  • How hackers exploit web application vulnerabilities and how to protect your apps
  • New hacking methods not in the book
  • Examples of real Web application hacks

WEBCAST: “Hacking Exposed Web Applications” https://download.spidynamics.com/Registration/hackingexp_web.asp

Invitation to SANS Brisbane 2007

Tuesday, November 14th, 2006

SANS information security training is making its annual trip down under! They invite you to join them on 19-24 February at the Hilton in Brisbane, where four of SANS' top instructors will present the following courses:

Security 401: SANS Security Essentials Bootcamp Style
Instructor: Marcus Sachs, SRI International
http://www.sans.org/info/1791

Security 504: Hacker Techniques, Exploits & Incident Handling
Instructor: Mike Poor, Intelguardians
http://www.sans.org/info/1792

Security 508: System Forensics, Investigation & Response
Instructor: Rob Lee, ManTech CFIA
http://www.sans.org/info/1793

Security 617: Assessing and Securing Wireless Networks
Instructor: Mark Hofman, Shearwater Solutions
http://www.sans.org/info/1794

Each of the links above provides you with complete course descriptions to help you make the right choice for your training needs. All four of these courses are hands-on, meaning that you will return to work with actionable skills you can use immediately to improve the security of your networks and systems. The $250 tuition fee discount is still available, but only through 10 January. So get all your plans in order and register before the busy holiday season gets into full swing!

SANS Brisbane 2007 - the world’s best information security training in one of the most beautiful and relaxing cities in Australia.
(http://www.sans.org/info/1795)