Best Practices Research Reports:: Difference between revisions
Jump to navigation
Jump to search
Line 3: | Line 3: | ||
<br> | <br> | ||
:'''DCIDs: Director of Central Intelligence Directives.''' Director of Central Intelligence Directives (DCIDs) were the principal instrument for defining intelligence community-wide policies. [[Media:dcid-6-3-manual.pdf]]<br> | :'''DCIDs: Director of Central Intelligence Directives.''' Director of Central Intelligence Directives (DCIDs) were the principal instrument for defining intelligence community-wide policies. [[Media:dcid-6-3-manual.pdf]]<br> | ||
<br> | |||
:'''DCIDs: Director of Central Intelligence Directives.''' Protecting Special Access Program Information Within Information Systems policy excerpt: [[Media:JAFAN_6_3.pdf]]<br> | :'''DCIDs: Director of Central Intelligence Directives.''' Protecting Special Access Program Information Within Information Systems policy excerpt: [[Media:JAFAN_6_3.pdf]]<br> | ||
<br> | <br> |
Latest revision as of 16:22, 23 April 2007
Research Reports
A sampling of industry-leading published articles, research reports, and presentations. Topics include public key infrastructure (PKI), incident response, secure architecture, and protecting Web applications.
- DCIDs: Director of Central Intelligence Directives. Director of Central Intelligence Directives (DCIDs) were the principal instrument for defining intelligence community-wide policies. Media:dcid-6-3-manual.pdf
- DCIDs: Director of Central Intelligence Directives. Protecting Special Access Program Information Within Information Systems policy excerpt: Media:JAFAN_6_3.pdf
- An Introduction to Enterprise Public Key Infrastructure: Media:PKI-Primer.pdf
- This paper identifies the key concepts and issues surrounding the technologies and policies required to implement and support an enterprise PKI.
- Avoid Session Management Pitfalls: Media:session-management-security.pdf
- Practical steps, in such areas as authentication, session IDs, and cookies, that companies can take to better ensure secure sessions in their Web applications.
- Best Practices in Configuration Management for Security: Media:configuration-management-security.pdf
- This publication, subtitled "It's 11 O'Clock - Do You Know Where Your Routers Are?", details Best Practices for secure management of the procedures for hardware configuration within your networks.
- Building Secure E-Commerce Applications: Media:Secure-E-Commerce-Applications.pdf
- A Best Practice research report on Building Secure E-Commerce Applications. This research report provides specific guidance to application developers who are creating or revising e-business and e-commerce applications.
- Building a Business Case for Computer Forensics: Media:Business-Case-for-Computer-Forensics.pdf
- Explains how companies should consider the costs involved in determining the kind of forensics they need to fight computer crime.
- Building a Computer Forensics Laboratory: Media:Computer-Forensics-Laboratory.pdf
- Examines the facilities, configuration issues, hardware and gear, software, research material that enterprises need to construct their own incident response and forensics lab.
- Computer Forensics Today: Media:Computer-Forensics-Today.pdf
- Provides a definition for and legal, technical, and investigatory overview of computer forensics.
- Developmental Email Acceptable Usage Standards: Media:Developmental Electronic Mail Acceptable Usage Standard.pdf
- This research report provides best practices guidance that organizations can reference and leverage to assess, improve, or develop an Email Acceptable Use Standard.
- Development of Information Classification Standard: Media:Development-of-Information-Classification-Standard.pdf
- Best Practices guide that organizations can reference and leverage to assess, improve, or develop an Information Classification Standard.
- Development of Information Labeling Standard: Media:Development-of-Information-Labeling-Standard.pdf
- Best Practices guide that organizations can reference and leverage to assess, improve, or develop an Information Labeling Standard.
- Development of Internet Acceptable Use Standards: Media:Development-of-Internet-Acceptable-Use-Standards.pdf
- This research report provides best practices guidance that organizations can reference and leverage to assess, improve, or develop an Internet Acceptable Use Standard.
- Development of an Incident Response Standard: Media:Development-of-an-Incident-Response-Standard.pdf
- This research report provides best practices guidance that organizations can reference and leverage to assess, improve, or develop an Incident Response Standard.
- How To Spend a Dollar on Security: Media:How-To-Spend-a-Dollar-on-Security.pdf
- Discusses how computer security funds should be allotted into various areas: policy, awareness and training, risk assessment, technology, and process.
- Information Security Policy Framework Research Report: Media:Information-Security-Policy-Framework-Research-Report.pdf
- This document describes the Information Security Policy Framework, and provides a high-level explanation and description of the sample policies.
- Safe at Internet Speed: Fast Track to Internet Security: Media:Fast-Track-to-Internet-Security.pdf
- Describes a fast-track method for building security architecture that can securely slash development time for software development processes in which speed is of the essence.
- Secure System Development Life Cycle (SDLC): Media:Secure-System-Development-Life-Cycle.pdf
- A Best Practice research report on a Secure System Development Life Cycle (SDLC) used for building security into your e-Business system and not bolting it on after the damage is done.
- Secure Systems Architecture Research Report: Media:Secure-Systems-Architecture-Research-Report.pdf
- This research report provides guidelines on creating a secure systems architecture -- the road map or set of principles that guides the engineering process and product selection for building a system.
- Secure Your Database
- Describes the practical steps that enterprises can take, such as disabling unnecessary services, encrypting communication, and limiting access through views, to ensuring the safety of databases.
- Security Incident Response Team (SIRT) Development: Media:Security-Incident-Response-Team-(SIRT)-Development.pdf
- This research report, Security Incident Response Team (SIRT) Development, provides a best practices reference that organizations can leverage to design a SIRT organizational framework and develop SIRT procedures. The insights provided in this report are derived from the considerable, real-world experience gained by our consultants in developing SIRT organizational frameworks and procedures for many Fortune 1000 clients.
- Your Computer Forensic Tookit: Media:MiniKit-Computer-Forensic-Tookit.pdf
- Provides an overview of commonly available forensic tools and applications for the key areas of imaging, analysis, conversion, viewing, monitoring, utilities, and software.