NIST announced this week that Draft Special Publication (SP) 800-118, Guide to Enterprise Password Management, has been released for public comment. SP 800-118 is intended to help organizations understand and mitigate common threats against their character-based passwords. The guide focuses on topics such as defining password policy requirements and selecting centralized and local password management solutions.
NIST is soliciting comments on the draft publication until May 29, 2009. Submit comments to 800-118comments@nist.gov with "Comments SP 800-118" in the subject line.
The document URL is:
http://csrc.nist.gov/publications/PubsDrafts.html#800-118
Monday, April 27, 2009
Friday, April 10, 2009
Governance Pros: CGEIT Is For You
ISACA has introduced its newest certification—Certified in the Governance of Enterprise IT™ (CGEIT™). The CGEIT designation recognizes that as information technology (IT) has become more important to the achievement of enterprise goals and delivery of benefits, governance must be extended to IT. IT governance is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives.
Introduced in 2007, the CGEIT is aimed at IT governance professionals with at least five years of experience who are charged with the management, support and counsel of corporate IT governance initiatives. Designed for professionals who wish to be recognized for their IT governance-related experience and knowledge, CGEIT is based on the IT Governance Institute’s (ITGI’s) intellectual property and the input of subject matter experts around the world. CGEIT focuses on:
- IT governance frameworks;
- Strategic alignment;
- Resource management;
- Risk management;
- Performance measurement;
- Value delivery.
Thursday, April 9, 2009
CISA Comes to e-Learning Campus
The CISA Online Review Course is now available on the ISACA e-Learning Campus. This interactive, web-based course provides Certified Information Systems Auditor (CISA) exam candidates and ISACA members with an efficient and cost-effective tool for exam preparation and for performing information systems audits and reviews. For more information, please visit www.isaca.org/elearning.
Monday, April 6, 2009
By the People, for the People
Security Manager's Journal is one of my favorite places on the Internet. SMJ authors are real security managers, and their insights are on target. The "Getting the Best from an Audit" story is a good example. The author is faced with a security audit and finds a way to use the auditors to her advantage:
My idea was to ask the auditor to help me develop documentation and processes for the agency that would ensure a formalized system-development life cycle. The new process addresses the security concerns raised by the report. As a result, we now have a suitable framework with which we can begin doing things differently.
There are plenty of other lessons like this one (consider the plight of the manager who had to lay off almost half of his information security staff). It's a good read.