Rules and guidance for security, integrity, and confidentiality of information and operations, including privacy guidelines that indicate broad-reaching data management practices.
High-level guidance supporting the harmonization of national privacy legislation that upholds human rights while preventing interruptions in international flows of data. Includes basic principles for privacy legislation.
A recommendation encouraging efforts by OECD member countries to establish compatible, technology-neutral approaches for effective domestic and cross-border electronic authentication of persons and entities.
A basic open-source manual for computer forensics, covering methodology, process and delving into technical standard operating procedures.
OWASP builds documents, tools, teaching environments, guidelines, checklists, and other materials to help organizations improve their capability to produce secure code. Materials are developed and continually expanded by a worldwide free and open communit ...
A framework for businesses, non-profits, and governmental agencies. Considerations should include but not be limited to preventative, containment, and reactive practices and business policies. Key components include: 1. Data Classification 2. A ...
The Open Web Application Security Project (OWASP) is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely-available ...
The Guide offers a roadmap through the thicket of dense health privacy laws and rules that many patients have questions about. The purpose of this guide is to help patients cut through the red tape and understand how to make health privacy laws work to pr ...
Describes 12 Payment Card Industry (PCI) Data Security Standard (DSS) requirements.
This document provides guidance and installation suggestions for testing and/or deploying 802.11 Wireless Local Area Networks (WLAN) for organizations that require Payment Card Industry Data Security Standard (PCI DSS) v1.2 compliance.
Canadian regulation covering the collection, use, and disclosure of personal information by private-sector companies.
Standard for personnel risk assessment, training, and security awareness. Part of the NERC CIP cybersecurity framework for the protection of the US Bulk Electric System.
Standard for the implementation of a physical security program for the protection of Critical Cyber Assets. Part of the NERC CIP cybersecurity framework for the protection of the US Bulk Electric System.
This prudential practice guide (PPG) targets areas where APRA’s ongoing supervisory activities continue to identify weaknesses. Topics addressed include the importance of an overarching framework, systematic IT asset life-cycle management, effective monit ...
Requirements for reporting disturbances or unusual occurrences, suspected or determined to be caused by sabotage. Part of the NERC CIP cyber security framework for the protection of the US Bulk Electric System.
This project supports the US Department of Homeland Security (DHS) Software Assurance Tools and R&D Requirements Identification Program. The objective of part 3, Technology (Tools and Requirements) is the identification, enhancement and development of sof ...
The second edition of the Cloud Security Alliance (CSA) published guidelines for secure cloud computing, including an architectural framework, authoritative definition of cloud computing, and recommendations around cloud security. The CSA report tackles ...
Requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Part of the NERC CIP cyber security framework for the protection of the US Bulk Electric System.
This document describes the foundations of metrics, discusses application of these metrics to control system environments, introduces a metrics taxonomy, and suggests usage of metrics to achieve operational excellence. The security metrics work package ...
A framework for risk-sensitive secure software development. SAMM includes guidance on: 1) Evaluating an organization's existing software security practices; 2) Building a balanced software security program in well-defined iterations; 3) Demonstrating con ...
Instructions, recommendations, and considerations for interim measures to recover information system services after a disruption. The guide defines a seven-step contingency planning process that an organization may apply to develop and maintain a viable c ...
Contains an appendix cross-mapping HIPAA privacy and security requirements with various NIST 800 Series information security standards.
Standard for methods, processes, and procedures for securing cyber assets. Part of the NERC CIP cybersecurity framework for the protection of the US Bulk Electric System.
This Guide identifies and describes the key characteristics that make up any effective risk assessment methodology, thus providing a common set of criteria for evaluating any given risk assessment methodology against a clearly defined common set of essent ...
A practical framework for model-based risk management of security-critical systems by exploiting the synthesis of risk analysis methods with semiformal specification methods, supported by an adaptable open source tool-integration platform. Accompanied by
A standard for information security controls, including information risk analysis, security architecture, securing business applications, monitoring compliance, information classification, and information security strategy. (Free registration required for
VerIS is a set of metric definitions designed to provide a common language for describing security incidents in a structured and repeatable manner. The framework's goal is to lay a foundation on which security practitioners can constructively and coop ...