09/25/2007 - The book is best browsed through in front of a computer, because you’ll be eagerly visiting the Web sites he writes about and trying the software and tactics he describes. Many of the latter I had never heard of. For instance, in a chapter on how to work around censorship (government or corporate) of Web sites, he describes how to access banned Web pages by having them e-mailed to you. No special software is required; just send an e-mail containing the URL of the Web site you want to see to a certain e-mail address, and the full site will be sent back to you inside a return message.
09/25/2007 - If you are an IT security professional or are interested in becoming one, you’ll find a new career guide issued by (ISC)2 to be a helpful resource. The guide describes the types of jobs available (including typical job titles) and explores the various areas of expertise within information security, as well as educational requirements, technical skills needed, salary ranges, and the certifications that can help you advance your career. The guide also includes a list of schools offering IT security curricula and relevant professional associations. @ Career Guide: Decoding the Information Security Profession is at SM Online.
09/25/2007 - Anyone looking for an overview of the elements that make up an information security program can turn to a comprehensive guide released by the National Institute of Standards and Technology (NIST) titled Information Security Handbook: A Guide for Managers. The handbook covers every aspect of security, from awareness and training issues to incident response and recovery strategies. Intended for senior managers, it’s as appropriate for the private sector as it is for government readers; as the authors note, while private- and public-sector requirements may differ, “the underlying principles of information security are the same.” @ Security Management Online has the NIST handbook.
09/25/2007 - Guide for Developing Performance Metrics for Information Security analyzes legislative requirements, describes linkages between strategic planning and information security, and explains types of performance metrics.
09/24/2007 - The Nuclear Regulatory Commission (NRC) has announced its plan to formulate a new rule to guide risk assessments at nuclear power facilities. The risk assessments, which will be performance-based and technology-neutral, will be required before a facility can be issued a license by the NRC. The advance notice of the rulemaking does not set out the specifics of the plan. Instead, the NRC is asking for comments on whether the concept of the plan is reasonable and, if so, how it should be designed and implemented. The comment period expires December 29, 2006. @ Read the advance notice of the proposed rule.
09/24/2007 - Jerry H. Ratcliffe, an associate professor of criminal justice at Temple University, has sifted through dozens of studies on the effectiveness of CCTV in an effort to get an answer. His findings are presented in an article that is another in the Department of Justice's series of problem-oriented guides for police.
09/21/2007 - Security manuals and desktop references are certainly not difficult to find—just peruse the ASIS Bookstore—but few publications are as comprehensive as Corporate Homeland Security Desk Reference.