Best Practices Research Reports:
Research Reports
A sampling of industry-leading published articles, research reports, and presentations. Topics include public key infrastructure (PKI), incident response, secure architecture, and protecting Web applications.
- DCIDs: Director of Central Intelligence Directives. DCIDs were the principal instrument for defining intelligence community-wide policies. Media:dcid-6-3-manual.pdf
- DCIDs: Director of Central Intelligence Directives. Protecting Special Access Program Information Within Information Systems policy excerpt: Media:JAFAN_6_3.pdf
- An Introduction to Enterprise Public Key Infrastructure: Media:PKI-Primer.pdf
- This paper identifies the key concepts and issues surrounding the technologies and policies required to implement and support an enterprise PKI.
- Avoid Session Management Pitfalls: Media:session-management-security.pdf
- Practical steps, in such areas as authentication, session IDs, and cookies, that companies can take to better ensure secure sessions in their Web applications.
- Best Practices in Configuration Management for Security: Media:configuration-management-security.pdf
- This publication, subtitled "It's 11 O'Clock - Do You Know Where Your Routers Are?", details Best Practices for secure management of the procedures for hardware configuration within your networks.
- Building Secure E-Commerce Applications: Media:Secure-E-Commerce-Applications.pdf
- A Best Practice research report on Building Secure E-Commerce Applications. This research report provides specific guidance to application developers who are creating or revising e-business and e-commerce applications.
- Building a Business Case for Computer Forensics: Media:Business-Case-for-Computer-Forensics.pdf
- Explains how companies should consider the costs involved in determining the kind of forensics they need to fight computer crime.
- Building a Computer Forensics Laboratory: Media:Computer-Forensics-Laboratory.pdf
- Examines the facilities, configuration issues, hardware and gear, software, and research material that enterprises need to construct their own incident response and forensics lab.
- Computer Forensics Today: Media:Computer-Forensics-Today.pdf
- Provides a definition for and legal, technical, and investigatory overview of computer forensics.
- Developmental Email Acceptable Usage Standards: Media:Developmental Electronic Mail Acceptable Usage Standard.pdf
- This research report provides best practices guidance that organizations can reference and leverage to assess, improve, or develop an Email Acceptable Use Standard.
- Development of Information Classification Standard: Media:Development-of-Information-Classification-Standard.pdf
- Best Practices guide that organizations can reference and leverage to assess, improve, or develop an Information Classification Standard.
- Development of Information Labeling Standard: Media:Development-of-Information-Labeling-Standard.pdf
- Best Practices guide that organizations can reference and leverage to assess, improve, or develop an Information Labeling Standard.
- Development of Internet Acceptable Use Standards: Media:Development-of-Internet-Acceptable-Use-Standards.pdf
- This research report provides best practices guidance that organizations can reference and leverage to assess, improve, or develop an Internet Acceptable Use Standard.
- Development of an Incident Response Standard: Media:Development-of-an-Incident-Response-Standard.pdf
- This research report provides best practices guidance that organizations can reference and leverage to assess, improve, or develop an Incident Response Standard.
- How To Spend a Dollar on Security: Media:How-To-Spend-a-Dollar-on-Security.pdf
- Discusses how computer security funds should be allotted into various areas: policy, awareness and training, risk assessment, technology, and process.
- Information Security Policy Framework Research Report: Media:Information-Security-Policy-Framework-Research-Report.pdf
- This document describes the Information Security Policy Framework, and provides a high-level explanation and description of the sample policies.
- Safe at Internet Speed: Fast Track to Internet Security: Media:Fast-Track-to-Internet-Security.pdf
- Describes a fast-track method for building security architecture that can securely slash development time for software development processes in which speed is of the essence.
- Secure System Development Life Cycle (SDLC): Media:Secure-System-Development-Life-Cycle.pdf
- A Best Practice research report on a Secure System Development Life Cycle (SDLC) used for building security into your e-Business system and not bolting it on after the damage is done.
- Secure Systems Architecture Research Report: Media:Secure-Systems-Architecture-Research-Report.pdf
- This research report provides guidelines on creating a secure systems architecture -- the road map or set of principles that guides the engineering process and product selection for building a system.
- Secure Your Database
- Describes the practical steps that enterprises can take, such as disabling unnecessary services, encrypting communication, and limiting access through views, to ensure the safety of databases.
- Security Incident Response Team (SIRT) Development: Media:Security-Incident-Response-Team-(SIRT)-Development.pdf
- This research report, Security Incident Response Team (SIRT) Development, provides a best practices reference that organizations can leverage to design a SIRT organizational framework and develop SIRT procedures. The insights provided in this report are derived from the considerable, real-world experience gained by our consultants in developing SIRT organizational frameworks and procedures for many Fortune 1000 clients.
- Your Computer Forensic Toolkit: Media:MiniKit-Computer-Forensic-Tookit.pdf
- Provides an overview of commonly available forensic tools and applications for the key areas of imaging, analysis, conversion, viewing, monitoring, utilities, and software.