Technofile: Contingency Planning \ Disaster Management
08/13/2007 - Contingency and computer-security emergency-response plans must be kept in a state of readiness. Three key components of readiness are tests that ensure that the plan will work as described; training that informs personnel of their roles and responsibilities vis-a-vis the plan; and exercises that simulate an emergency to test the plan's viability. The National Institute of Standards and Technology has created an in-depth guide to tests, training, and exercise programs as they relate to IT plans. The guide includes checklists as well as detailed sample objectives and scenarios. Read the guide: Test, Training, and Exercise Programs for IT Plans and Capabilities.
Beyond Print: ID issues \ Identity Theft
08/13/2007 - The Department of the Treasury, along with several other agencies, has issued a proposed rule that will require financial institutions and creditors to establish a program to reduce identity theft.
Beyond Print: IT Security
08/10/2007 - The National Institute of Justice has issued another in its series of reports on investigating high-tech crimes. It provides guidance on such issues as tracing an Internet address to its source. It also looks at specifics with regard to various issues such as Web site capture tools and Web archiving sites that may help an investigator determine the content of a site at the time the crime was committed. It likewise discusses the unique concerns involved in investigations of instant messaging (IM), chat rooms, and Internet Relay Chat. It notes, for example, "Service providers are not required to retain IP address information. Therefore, when an IM program is involved, time is of the essence." Read the complete report.
Beyond Print: Security Management
08/10/2007 - (ISC)2, a nonprofit involved in educating and certifying information security professionals, has issued its '2007 Resource Guide for Today's Information Security Professional, Global Edition.' The 126-page almanac is available free from the Web site. It lists information about security-focused professional associations, conferences and trade shows, Web sites, online and print publications, and educational institutions in North, Central, and South America and the Europe/Middle East/Africa and Asia-Pacific regions. Read the resource guide.
Beyond Print: Privacy
08/10/2007 - Proponents and opponents of the use of data mining for predicting terrorist events faced off at a congressional hearing. Read their testimonies and judge for yourself which argument cites the best data points.
Beyond Print: Best Practices \ Case Studies
08/10/2007 - The Smart Card Alliance Identity Council has issued guidelines on best practices regarding implementation of radio-frequency technology in identity management systems.
Technofile: Government Reports (GAO etc.)
08/10/2007 - The National Institute of Justice has issued another in its series of reports on investigating high-tech crimes.
Technofile: Security Management
08/10/2007 - (ISC)2 has issued its '2007 Resource Guide for Today's Information Security Professional, Global Edition.'
Technofile: Best Practices \ Case Studies
08/10/2007 - Best practices for RFID in identity management.
Technofile: IT Security
08/10/2007 - Major companies pay increased attention to preventing wireless network intrusion.
Case Study: Surveillance
08/10/2007 - How one company tracks employees' Internet use, including wireless access, to monitor both activity and bandwidth requirements.
08/10/2007 - A trio of computer scientists at Stanford University is developing a conceptual framework for understanding privacy expectations and their implications using the tenets of a principle called contextual integrity.
08/10/2007 - Data mining and privacy. Some say the concepts are in irretrievable conflict.