Best Practices Research Reports:

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 16:22, 23 April 2007 by Mdpeters (talk | contribs) (→‎Research Reports)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Research Reports

A sampling of industry-leading published articles, research reports, and presentations. Topics include public key infrastructure (PKI), incident response, secure architecture, and protecting Web applications.

DCIDs: Director of Central Intelligence Directives. Director of Central Intelligence Directives (DCIDs) were the principal instrument for defining intelligence community-wide policies. Media:dcid-6-3-manual.pdf


DCIDs: Director of Central Intelligence Directives. Protecting Special Access Program Information Within Information Systems policy excerpt: Media:JAFAN_6_3.pdf


An Introduction to Enterprise Public Key Infrastructure: Media:PKI-Primer.pdf
This paper identifies the key concepts and issues surrounding the technologies and policies required to implement and support an enterprise PKI.


Avoid Session Management Pitfalls: Media:session-management-security.pdf
Practical steps, in such areas as authentication, session IDs, and cookies, that companies can take to better ensure secure sessions in their Web applications.


Best Practices in Configuration Management for Security: Media:configuration-management-security.pdf
This publication, subtitled "It's 11 O'Clock - Do You Know Where Your Routers Are?", details Best Practices for secure management of the procedures for hardware configuration within your networks.


Building Secure E-Commerce Applications: Media:Secure-E-Commerce-Applications.pdf
A Best Practice research report on Building Secure E-Commerce Applications. This research report provides specific guidance to application developers who are creating or revising e-business and e-commerce applications.


Building a Business Case for Computer Forensics: Media:Business-Case-for-Computer-Forensics.pdf
Explains how companies should consider the costs involved in determining the kind of forensics they need to fight computer crime.


Building a Computer Forensics Laboratory: Media:Computer-Forensics-Laboratory.pdf
Examines the facilities, configuration issues, hardware and gear, software, research material that enterprises need to construct their own incident response and forensics lab.


Computer Forensics Today: Media:Computer-Forensics-Today.pdf
Provides a definition for and legal, technical, and investigatory overview of computer forensics.


Developmental Email Acceptable Usage Standards: Media:Developmental Electronic Mail Acceptable Usage Standard.pdf
This research report provides best practices guidance that organizations can reference and leverage to assess, improve, or develop an Email Acceptable Use Standard.


Development of Information Classification Standard: Media:Development-of-Information-Classification-Standard.pdf
Best Practices guide that organizations can reference and leverage to assess, improve, or develop an Information Classification Standard.


Development of Information Labeling Standard: Media:Development-of-Information-Labeling-Standard.pdf
Best Practices guide that organizations can reference and leverage to assess, improve, or develop an Information Labeling Standard.


Development of Internet Acceptable Use Standards: Media:Development-of-Internet-Acceptable-Use-Standards.pdf
This research report provides best practices guidance that organizations can reference and leverage to assess, improve, or develop an Internet Acceptable Use Standard.


Development of an Incident Response Standard: Media:Development-of-an-Incident-Response-Standard.pdf
This research report provides best practices guidance that organizations can reference and leverage to assess, improve, or develop an Incident Response Standard.


How To Spend a Dollar on Security: Media:How-To-Spend-a-Dollar-on-Security.pdf
Discusses how computer security funds should be allotted into various areas: policy, awareness and training, risk assessment, technology, and process.


Information Security Policy Framework Research Report: Media:Information-Security-Policy-Framework-Research-Report.pdf
This document describes the Information Security Policy Framework, and provides a high-level explanation and description of the sample policies.


Safe at Internet Speed: Fast Track to Internet Security: Media:Fast-Track-to-Internet-Security.pdf
Describes a fast-track method for building security architecture that can securely slash development time for software development processes in which speed is of the essence.


Secure System Development Life Cycle (SDLC): Media:Secure-System-Development-Life-Cycle.pdf
A Best Practice research report on a Secure System Development Life Cycle (SDLC) used for building security into your e-Business system and not bolting it on after the damage is done.


Secure Systems Architecture Research Report: Media:Secure-Systems-Architecture-Research-Report.pdf
This research report provides guidelines on creating a secure systems architecture -- the road map or set of principles that guides the engineering process and product selection for building a system.


Secure Your Database
Describes the practical steps that enterprises can take, such as disabling unnecessary services, encrypting communication, and limiting access through views, to ensuring the safety of databases.


Security Incident Response Team (SIRT) Development: Media:Security-Incident-Response-Team-(SIRT)-Development.pdf
This research report, Security Incident Response Team (SIRT) Development, provides a best practices reference that organizations can leverage to design a SIRT organizational framework and develop SIRT procedures. The insights provided in this report are derived from the considerable, real-world experience gained by our consultants in developing SIRT organizational frameworks and procedures for many Fortune 1000 clients.


Your Computer Forensic Tookit: Media:MiniKit-Computer-Forensic-Tookit.pdf
Provides an overview of commonly available forensic tools and applications for the key areas of imaging, analysis, conversion, viewing, monitoring, utilities, and software.