Tags:security
As technology advances, so do schemes to commit fraud. Therefore, technology can not only be used to perpetrate fraud, but also to prevent and detect it. Using technology to implement real-time fraud prevention and detection programs will enable organizat ...
Standard for the practical sanitization of information storage media, with sanitization decisions based on the level of confidentiality of the information stored.
Guidelines for incident handling, particularly for analyzing incident-related data and determining the appropriate response to each incident.
This prudential practice guide (PPG) targets areas where APRA’s ongoing supervisory activities continue to identify weaknesses. Topics addressed include the importance of an overarching framework, systematic IT asset life-cycle management, effective monit ...
A chapter of the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook) providing guidance to examiners and financial institutions on audit roles and responsibilities. General action indication ...
US federal guidance on managing a continuous supply of log data; managing log generation and storage; protecting the confidentiality, integrity, and availability of logs; and performing effective analysis of log data.
A set of key security outcome and practice metrics developed by a team of more than 150 government, private, and academic experts. Metrics cover the following business functions:
* Application Security
  * Number of Applications ...
US federal standard for installing, configuring, and maintaining secure servers.
This document supports the development, selection, and implementation of measures to be used at the information system and program levels. These measures indicate the effectiveness of security controls applied to information systems and supporting inf ...
US federal guidelines for the development, selection, and implementation of measures to be used at the information system and program levels to assess the effectiveness of security controls.
Practical guidance on IT principles and practices to support compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
ISO 27001 builds on BS 7799 with much more guidance on information security measurement and metrics. This paper complements the ISO/IEC standard for information security management systems by exploring: 1) security measurement objectives, 2) what security ...
US federal guideline describing three types of solutions: full disk encryption, volume and virtual disk encryption, and file/folder encryption. Recommendations for implementing and using each type.
Describes the characteristics of IDPS technologies and provides recommendations for designing, implementing, configuring, securing, monitoring, and maintaining them.
A broad overview of information security program elements to assist US federal agency managers in understanding how to establish and implement an information security program.
This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). SP 800-51 Revision 1 gives an introduction to both naming schemes and makes recomm ...
The Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of the Security Assertion Markup Language (SAML) for Healthcare and the XSPA Profile of the eXtensible Access Control Markup Language (XACML) enable hospitals and other service provide ...
This project supports the US Department of Homeland Security (DHS) Software Assurance Tools and R&D Requirements Identification Program. The objective of part 3, Technology (Tools and Requirements) is the identification, enhancement and development of sof ...
Guidance on challenges related to integration of information security practices into Web service-based SOA design and development. Practical guidance on standards applicable to Web services and common security threats to SOAs based on Web services.
This document describes the foundations of metrics, discusses application of these metrics to control system environments, introduces a metrics taxonomy, and suggests usage of metrics to achieve operational excellence. The security metrics work package ...