What is ISO 25000?

Software engineering — Software product Quality Requirements and Evaluation (SQuaRE). The general goal of creating the SQuaRE set of international standards is to move to a logically organized, enriched, and unified series covering two main processes: software quality requirements specification and software quality evaluation, supported by a software quality measurement process.

What is the NIST Cybersecurity Framework?

The National Institute of Standards released Version 1.0 of the NIST Cybersecurity Framework Feb 12, 2014. The Framework provides a common taxonomy and mechanism for organizations to describe current and target state cybersecurity postures, identify and prioritize opportunities for improvement, and communicate cybersecurity risk. The NIST Cybersecurity Framework Core consists of five concurrent and continuous […]

What are Some Common Compliance and Regulatory Frameworks?

Recognized frameworks include, at minimum, a requirement that a regular vulnerability assessment of the production network and/or web application be performed. Depending upon your environment, the following frameworks potentially require these assessments: Sarbanes-Oxley (SOX); Statements on Standards for Attestation Engagements 16 (SSAE 16 / SOC 1); Service Organization Controls (SOC) 2 / 3; […]

What are some standards, frameworks and guidelines that auditors use in security audits?

Some of the standards, frameworks and guidelines that auditors use in security audits include: ISO 27001/27002 standards; the Control Objectives for Information and Related Technology (COBIT) framework; ISACA’s IT Assurance Framework (ITAF); IT Audit and Assurance Guidelines; and the SysTrust and WebTrust frameworks. Leading cybersecurity standards and best practices include: The International Organization for Standardization (ISO), the information […]

Tools That Should Be In Your Infosec Toolbox

Reference: http://www.proactiverisk.com/tools/

DISCLAIMER: The following list of URLs is a collection of resources broken down by category. The resources are numbered in no particular order except for tracking purposes.

Breach Laws: State Breach Laws.

Hardening Guides, Windows: CIS Security Benchmarks for Windows; NSA Security Configuration Guides for Windows; Microsoft Baseline Security Analyzer; Microsoft PC Security; Secunia Personal […]

What is the Sarbanes-Oxley Act (SOX)?

The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise, as well as improve the accuracy of corporate disclosures. The U.S. Securities and Exchange Commission (SEC) administers the act, which sets deadlines for […]

What is Protected Health Information (PHI)?

PHI stands for Protected Health Information. Under US law, protected health information (PHI) is any information about health status, provision of health care, or payment for health care that is created or collected by a “Covered Entity” (or a Business Associate of a Covered Entity) and can be linked to a specific individual. This is interpreted […]

What is HIPAA (the Health Insurance Portability and Accountability Act)?

HIPAA is the acronym for the Health Insurance Portability and Accountability Act, which was passed by Congress in 1996. HIPAA does the following: provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs; reduces health care fraud and abuse; mandates […]