http://www.cert.org/nav/whatsnew.html en-us Announcements: What's New on the CERT web site http://www.cert.org/podcast/ Students learn how to combine multiple facets of digital forensics and draw conclusions to support full-scale investigations. Tue, 02 Feb 2010 09:32:46 -0500 http://www.cert.org/contact_cert/encryptmail.html CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information. Wed, 20 Jan 2010 14:14:25 -0500 http://www.cert.org/podcast/ The SGMM provides a roadmap to guide an organization's transformation to the smart grid. Tue, 12 Jan 2010 09:51:21 -0500 http://www.cert.org/podcast/ Addressing privacy during software development is just as important as addressing security. Tue, 22 Dec 2009 09:44:19 -0500 http://www.cert.org Fri, 04 Dec 2009 16:32:28 -0500 http://www.cert.org/podcast/ Network defenders and business leaders can use NetSA measures and evidence to better protect their networks. Tue, 01 Dec 2009 09:49:51 -0500 http://www.cert.orghttp://www.sei.cmu.edu/newsitems/cert_TRAC.cfm Twenty-nine competing teams from 20 countries participated in the Tactical Response and Analysis Challenge (TRAC) conducted by the SEI's CERT PRogram as part of the weeklong International Cyber Defense Workshop (ICDW), which concluded November 13, 2009. Tue, 17 Nov 2009 14:39:21 -0500 http://www.cert.org/podcast/ Providing critical services during times of stress depends on documented, tested business continuity plans. Tue, 10 Nov 2009 10:24:37 -0500 http://www.cert.org/archive/pdf/CyLabForeignTheftIP.pdf This report is the third in the quarterly series, Spotlight On, published by the Insider Threat Center at CERT and funded by CyLab. This article focuses on insider theft of intellectual property inside the U.S. involving foreign governments or organizations. Mon, 09 Nov 2009 13:23:01 -0500 http://www.cert.org/flocon/ The deadline to submit abstracts for presentations and demonstrations for FloCon 2010 has been extended to Monday, November 9. Tue, 27 Oct 2009 11:35:44 -0400 http://www.cert.org/archive/pdf/09tr010.pdf This newly updated technical report describes a set of secure design patterns, which are descriptions or templates describing a general solution to a security problem that can be applied in many different situations. Fri, 23 Oct 2009 11:49:52 -0400 http://www.cert.org/podcast/ A defined, managed process for third party relationships is essential, particularly when business is disrupted. Tue, 20 Oct 2009 14:52:15 -0400 http://www.cert.org/podcast/ The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges. Tue, 29 Sep 2009 10:27:54 -0400 http://www.cert.org/podcast/ Electronic health records (EHRs) are possibly the most complicated area of IT today, more difficult than defense. Tue, 08 Sep 2009 10:52:58 -0400 http://www.cert.org/archive/pdf/VRDA_Effectiveness.pdf This paper examines the effectiveness of VRDA in terms of how well it predicts responses. Tue, 25 Aug 2009 11:18:10 -0400 http://www.cert.org/podcast/ 282 cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat. Tue, 18 Aug 2009 11:20:50 -0400 http://www.cert.org/insider_threat/docs/CyLab%20Insider%20Threat%20Quarterly%20on%20Internet%20Underground%20-%20March%202009P.pdf This report is the second in the quarterly series, Spotlight On, published by the Insider Threat Center at CERT and funded by CyLab. This article focuses on insider threat cases in which the insider had relationships with the internet underground community. Fri, 31 Jul 2009 11:46:23 -0400 http://www.cert.org/podcast/ Automation, innovation, reaction, and expansion are the foundation for obtaining meaningful network traffic intelligence in today's extended enterprise. Tue, 28 Jul 2009 09:55:42 -0400 http://www.cert.org/insider_threat/docs/Insider_Theft_of_IP_Model_MIST09.pdf This paper provides observations about and a preliminary system dynamics model of one class of insider crime based on empirical data. Mon, 20 Jul 2009 14:30:18 -0400 http://www.cert.org/archive/pdf/09tn023.pdf This paper presents a model for automating the elimination of integer overflow and truncation in C and C++ programming code. Fri, 17 Jul 2009 16:18:45 -0400 http://www.sei.cmu.edu/products/courses/p63.html This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. The intent is for thiscourse to be useful to anyone involved in developing secure C and C++ programs regardless of the specific application. Tue, 14 Jul 2009 16:14:49 -0400 http://www.cert.org/podcast/ Business leaders need new approaches to address multi-enterprise, systems of systems risks across the life cycle and supply chain. Tue, 07 Jul 2009 12:37:52 -0400 http://www.cert.org/resiliency/rmm.html CERT has published the first process areas of the Resiliency Management Model, a capability model for operational resiliency management. Thu, 02 Jul 2009 08:52:59 -0400 http://www.cert.org/csirts/national/contest_2009.html The winners of the Best Practices Contest 2009 were announced at the FIRST conference in Kyoto, Japan. Read the winning submissions. Mon, 29 Jun 2009 20:31:46 -0400 http://www.cert.org/contact_cert/encryptmail.html CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information. Mon, 22 Jun 2009 15:18:31 -0400 http://www.cert.org/podcast/ When considering cloud services, business leaders need to weigh the economic benefits against the security and privacy risks. Tue, 16 Jun 2009 10:36:38 -0400 http://www.cert.org/podcast/ Business leaders need to take action to better mitigate sophisticated social engineering attacks. Tue, 26 May 2009 10:21:57 -0400 https://www1.gotomeeting.com/register/845945576 Register for the webinar SQUARE Up Your Security Requirements Engineering with SQUARE. This webinar provides an overview of the SQUARE process and discusses current activities and plans. Fri, 08 May 2009 13:54:42 -0400 http://www.cert.org/podcast/ Now may be the time to examine our responsibilities when developing software with known, preventable errors - along with some possible consequences. Tue, 05 May 2009 09:53:59 -0400 http://www.cert.org/archive/pdf/09sr001.pdf This report provides guidance for making the business case for building software assurance into software products during each software development life-cycle activity. Thu, 30 Apr 2009 14:46:23 -0400 http://www.sei.cmu.edu/products/courses/p76.html Learn how to identify and manage the risk of insider threat in your organization. Register now for the two-day Insider Threat Workshop in Arlington, VA. Fri, 24 Apr 2009 10:45:29 -0400 http://www.cert.org/vuls/discovery/dranzer.html As part of their vulnerability discovery efforts, CERT has released Dranzer, an open source tool that software developers can use to test for ActiveX vulnerabilities. Thu, 16 Apr 2009 07:29:02 -0400 http://www.cert.org/podcast/ Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. Tue, 14 Apr 2009 09:39:41 -0400 http://www.cert.org/forensics/tools/ The CERT forensics tools repository, a collection of add-on packages for Fedora, provides many useful cyber forensics tools for analysts and practitioners. Mon, 13 Apr 2009 08:54:16 -0400 http://www.cert.org/podcast/ Observed practice, represented as a maturity model, can serve as a basis for developing more secure software. Tue, 31 Mar 2009 14:13:41 -0400 http://www.cert.org/archive/pdf/09tr010.pdf This technical report describes a set of secure design patters, which are descriptions or templates describing a general solution to a security problem that can be applied in many different situations. Mon, 30 Mar 2009 15:36:06 -0400 http://www.cert.org/podcast/ Requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities. Tue, 17 Mar 2009 10:44:00 -0400 http://www.sei.cmu.edu/about/press/releases/certtechsymposium1.html On March 10, the CERT Program at Carnegie Mellon University's Software Engineering Institute began a two-day technical symposium for a select group of leaders in experts in the cyber security field. Wed, 11 Mar 2009 14:48:22 -0400 http://www.cert.org/research/2008research-report.pdf CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration. Fri, 06 Mar 2009 15:20:06 -0500 http://www.cert.org/podcast/ Making security strategic to business innovation involves seven strategies and calculating risk-reward based on risk appetite. Tue, 03 Mar 2009 10:40:51 -0500 http://www.sei.cmu.edu/products/courses/p76.html CERT's insider threat research serves as the foundation for this two-day workshop. Mon, 02 Mar 2009 15:04:56 -0500 http://www.first.org/global/practices/ For the second year in a row, the CERT/CC and FIRST are jointly hosting an international competition to honor best practices and advances in safeguarding the security of computer systems and networks. Wed, 25 Feb 2009 10:42:45 -0500 http://www.cert.org/podcast/ Teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine. Tue, 17 Feb 2009 11:17:20 -0500 http://www.sei.cmu.edu/about/press/releases/pethia.html Richard D. Pethia, director of the Carnegie Mellon Software Engineering Institute (SEI) CERT Program has been named a recipient of the 2009 CSO Compass Award sponsored by CSO Magazine. Tue, 10 Feb 2009 08:28:32 -0500 http://www.cert.org/podcast/ Standard, compliance, and process are more effective than risk management for ensuring an adequate level of information and software security. Tue, 03 Feb 2009 11:04:14 -0500 http://www.cert.org/archive/pdf/CSG-V3.pdf The third version of this guide includes new and updated practices based on an analysis of approximately 100 recent insider threat cases that occurred from 2003 to 2007 in the United States. Wed, 28 Jan 2009 09:10:16 -0500 http://www.cert.org/podcast/ Rich Pethia reflects on CERTs 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. Tue, 20 Jan 2009 10:48:51 -0500 http://www.cert.org/podcast/ Being able to effectively respond to e-discovery requests depends on well-defined, enacted policies, procedures, and processes. Tue, 06 Jan 2009 11:31:58 -0500 http://www.cert.org/podcast/ Climate change requires new strategies for dealing with traditional IT and information security risks. Tue, 09 Dec 2008 10:45:28 -0500 http://www.cert.org/podcast/ Virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime. Tue, 25 Nov 2008 15:05:40 -0500 http://www.cert.org/archive/pdf/REFv0.95R_outline.pdf This document provides a brief overview of the CERT Resiliency Engineering Framework, including purpose statements, goals, and specific practices for each capability area. Thu, 13 Nov 2008 09:22:28 -0500 http://www.cert.org/podcast/ Responding to an e-discovery request involves many of the same steps and roles as responding to a security incident. Tue, 11 Nov 2008 10:12:01 -0500 http://www.cert.org/podcast/ A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation. Tue, 28 Oct 2008 12:12:47 -0400 http://www.cert.org/secure-coding/index.html This book is an essential desktop reference documenting the first official release of the CERT C Secure Coding Standard. Mon, 20 Oct 2008 11:21:40 -0400 http://www.cert.org/stats/ The CERT statistics have been updated with numbers from the third quarter of 2008. Fri, 17 Oct 2008 11:54:32 -0400 http://www.cert.org/podcast/ When considering whether to conduct business in online, virtual communities, business leaders need to evaluate risks and opportunities. Tue, 14 Oct 2008 11:04:29 -0400 http://www.cert.org/podcast/ Integrating security into university curricula is one of the key solutions to developing more secure software. Tue, 30 Sep 2008 15:24:21 -0400 https://forms.cert.org/VulReport/ The interactive form enhances CERT's vulnerability analysis efforts by making it easier for vulnerability reporters to securely submit valuable information. Wed, 17 Sep 2008 15:23:06 -0400 http://www.cert.org/podcast/ OCTAVE Allegro provides a streamlined assessment method that focuses on risks to information used by critical business services. Tue, 16 Sep 2008 10:25:10 -0400 https://www.securecoding.cert.org/confluence/display/java/CERT+Java+Secure+Coding+Standard CERT has released the Java Secure Coding Standard in addition to existing secure coding standards for the C and C++ programming languages. CERT invites the Java community to participate in this effort by reviewing content in the Java space and providing comments. Mon, 08 Sep 2008 15:15:00 -0400 http://http://www.cert.org/archive/pdf/08tn017.pdf Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis presents a live response scenario and compares various approaches and tools used to capture and analyze evidence from computer memory. Tue, 02 Sep 2008 15:46:50 -0400 http://www.cert.org/podcast/ Well-defined metrics are essential to determine which security practices are worth the investment. Tue, 02 Sep 2008 10:16:44 -0400 http://www.cert.org/podcast/ Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle. Wed, 20 Aug 2008 09:55:06 -0400 http://www.cert.org/podcast/ Protecting critical infrastructures and the information they use are essential for preserving our way of life. Tue, 05 Aug 2008 13:22:13 -0400 http://www.cert.org/stats/ The CERT statistics have been updated with numbers from the second quarter of 2008. Tue, 29 Jul 2008 15:11:11 -0400 http://www.cert.org/podcast/ Determining which security vulnerabilities to address should be based on the importance of the information asset. Tue, 22 Jul 2008 11:39:55 -0400 http://www.cert.org/podcast/ Tue, 22 Jul 2008 11:35:23 -0400 http://www.cert.org Because of ongoing problems with the autoresponder messages being interpreted as spam, we have decided to discontinue providing an automatic acknowledgement of email sent to cert@cert.org. This change does not affect how we handle email sent to that address. Fri, 18 Jul 2008 11:22:39 -0400 http://www.cert.org/podcast/ During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. Tue, 08 Jul 2008 10:54:21 -0400 http://www.cert.org/csirts/national/contest_2008.html The winning papers from the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks have been posted. Fri, 27 Jun 2008 11:58:07 -0400 http://www.cert.org/podcast/ Targeted, innovative communications and a robust life cycle are keys for security policy success. Tue, 24 Jun 2008 11:00:03 -0400 http://www.cert.org/archive/pdf/08tr014.pdf This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects. Tue, 17 Jun 2008 11:35:48 -0400 http://www.cert.org/podcast/ Managing software that is developed by an outside organization can be more challenging than building it yourself. Tue, 10 Jun 2008 11:19:16 -0400 http://www.cert.org/podcast/ Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers. Tue, 27 May 2008 11:52:08 -0400 http://www.cert.org/contact_cert/encryptmail.html CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information. Fri, 23 May 2008 15:44:07 -0400 http://www.sei.cmu.edu/community/assurance.html This one-day workshop will explore methods for capturing development costs and benefits associated with software assurance and making the case to executive management. A call for papers has been posted; registration information will soon be available. Thu, 15 May 2008 13:35:04 -0400 http://www.cert.org/podcast/ High performing organizations effectively integrate information security controls into mainstream IT operational processes. Tue, 13 May 2008 11:07:30 -0400 http://www.cert.org/podcast/ Helping your staff learn how to identify social engineering attempts is the first step in thwarting them. Tue, 29 Apr 2008 14:37:46 -0400 http://www.cert.org/blogs/vuls/ In a new blog on the CERT website, CERT staff members will address various issues related to vulnerability analysis. Fri, 18 Apr 2008 12:41:55 -0400 http://www.cert.org/podcast/ Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. Tue, 15 Apr 2008 12:49:22 -0400 http://www.cert.org/stats/ The CERT statistics have been updated with numbers from the first quarter of 2008. Mon, 14 Apr 2008 12:26:34 -0400 http://www.sei.cmu.edu/publications/books/cert/software-security-engineering.html Software Security Engineering: A Guide for Project Managers will be published by Addison-Wesley in early May 2008. The book shows project managers how to build security into their software products throughout the development life cycle. Tue, 01 Apr 2008 15:12:28 -0400 http://www.first.org/conference/2008/contest.html Submissions for the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks are due by April 30. The contest is being hosted by FIRST and the CERT/CC. Tue, 01 Apr 2008 14:08:07 -0400 http://www.cert.org/podcast/ Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. Tue, 01 Apr 2008 12:43:36 -0400 http://www.cert.org/archive/pdf/08tr007.pdf This report presents a risk-based approach for determining the potential for success of an organization's incident management capability. Mon, 31 Mar 2008 11:29:16 -0400 http://www.first.org/conference/2008/ CERT is a sponsor for the 2008 FIRST Conference, which will be held in Canada in June. This year marks the 20th annual FIRST conference as well as the 20th anniversary of CERT. Fri, 28 Mar 2008 11:59:12 -0400 http://www.cert.org/podcast/ A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes. Tue, 18 Mar 2008 09:58:37 -0400 http://www.cert.org/resiliency_engineering/framework.html A draft version of the CERT Resiliency Engineering Framework is now available. We welcome and encourage your feedback on these materials. Mon, 17 Mar 2008 10:58:45 -0400 http://www.cert.org/research/2007research-report.pdf CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration. Thu, 06 Mar 2008 10:36:25 -0500 http://www.cert.org/podcast/ Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle. Tue, 04 Mar 2008 10:27:36 -0500 http://www.first.org/conference/2008/contest.html The first-ever international competition honoring best practices and advances in safeguarding the security of computer systems and networks is announced today by the Forum of Incident Response and Security Teams (FIRST) and Carnegie Software Engineering Institute (SEI) CERT Coordination Center (CERT/CC). Tue, 26 Feb 2008 09:12:17 -0500 http://www.cert.org/podcast/ Business leaders need to understand the risks to their organizations caused by the proliferation of botnets. Tue, 19 Feb 2008 11:20:14 -0500 http://www.antiphishing.org/events/2008_operationsSummit.html CERT will be participating in the Counter eCrime Operations Summit II May 26-27 Tokyo, Japan. Thu, 14 Feb 2008 11:30:38 -0500 http://www.cert.org/podcast/ Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data. Tue, 05 Feb 2008 10:47:48 -0500 http://www.cert.org/podcast/ Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data. Tue, 05 Feb 2008 10:38:57 -0500 http://www.cert.org/sse/square/square-description.html Workshop, tutorial, and academic educational materials on SQUARE (Security Quality Requirements Engineering) are now available for download. Tue, 22 Jan 2008 10:54:03 -0500 http://www.cert.org/podcast/ Peer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information. Tue, 22 Jan 2008 10:20:34 -0500 http://www.cert.org/stats/ The numbers from the fourth quarter have been incorporated, completing the 2007 statistics. Tue, 15 Jan 2008 16:29:00 -0500 http://www.cert.org/insider_threat/ Insider Threat Study: Illicit Cyber Activity in the Government Sector and Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector have been released. These reports present the findings of research efforts to examine reported insider incidents within their respective sectors. Wed, 09 Jan 2008 08:54:15 -0500 http://www.cert.org/podcast/ Directors and senior executives are personally accountable for protecting information entrusted to their care. Tue, 08 Jan 2008 10:24:08 -0500 http://www.cert.org/podcast/ Internal Audit can serve a key role in putting an effective information security program in place, and keeping it there. Mon, 10 Dec 2007 22:22:17 -0500 http://www.cert.org/flocon/2008/schedule/ The schedule for the FloCon 2008 conference has been released. Thu, 29 Nov 2007 12:43:57 -0500 http://www.fbi.gov/page2/nov07/botnet112907.html In the second phase of the FBI investigation of botnets, 8 people were indicted, pled guilty, or were sentenced. So far, more than $20 million in losses and more than 1 million victim computers have been identified. Learn how to prevent and report attacks. Thu, 29 Nov 2007 11:14:16 -0500 http://www.cert.org/podcast/ Information security degree programs are proliferating, but what do they really offer business leaders who are seeking knowledgeable employees? Tue, 27 Nov 2007 12:22:15 -0500 http://www.cert.org/podcast/ Information security risk assessment, performed in concert with operational risk management, can contribute to compliance as an outcome. Tue, 13 Nov 2007 12:11:08 -0500 http://www.cert.org/netsa/ Members of the CERT Network Situational Awarness Group presented Fishing for Phishes: Applying Capture-Recaputre Methods to Estimate Phishing Populations at the APWG eCrime Researchers Summit. They also participated in the Report out and Panel: Uncleanliness: Quantifying network reputation. Thu, 01 Nov 2007 11:54:42 -0400 http://www.cert.org/podcast/ Business Leaders can play a key role in computer forensics by establishing strong policies and proactively testing to ensure those policies work in tough situations. Tue, 30 Oct 2007 11:55:11 -0400 http://www.cert.org/stats/ The CERT statistics have been updated with numbers from the third quarter of 2007. Tue, 16 Oct 2007 14:45:14 -0400 http://www.cert.org/podcast/ A business resilience argument can bridge the communication gap that often exists between information security officers and business leaders. Tue, 16 Oct 2007 11:19:12 -0400 http://www.cert.org/vodcast/secure-coding/project.html Robert Seacord discusses the Secure Coding project. Tue, 09 Oct 2007 11:17:59 -0400 http://www.cert.org/podcast/ By taking a holistic view of business resilience - similar in many ways to classical engineering - business leaders can help their operations stand up to known and unknown threats. Tue, 02 Oct 2007 11:33:23 -0400 http://www.cert.org/flocon/2008/index.html The submission deadline for FloCon 2008 is fast approaching! Send a description of your presentation in before midnight October 5, 2007. Fri, 21 Sep 2007 10:01:39 -0400 http://www.cert.org/podcast/ It's easy to think of security as a collection of technologies and tools - but people are the real key to any security effort. Tue, 18 Sep 2007 11:23:42 -0400 http://www.cert.org/archive/pdf/07tn027.pdf This report describes an extension to the C programming language to introduce the notion of ranged integers, that is, integer types with a defined range of values. Thu, 13 Sep 2007 09:48:48 -0400 http://www.cert.org/resiliency_engineering/index.html#events Special information sessions for technical managers, software engineers, and decision makers on the CERT Resiliency Engineering Framework (REF) and Service Oriented Architecture (SOA) are scheduled for October 16 in Frankfurt, Germany, and October 18 in London. More information is available on the SEI site. Wed, 12 Sep 2007 15:27:04 -0400 http://www.cert.org/archive/pdf/ecrimesummary07.pdf The 4th annual E-Crime Watch Survey has been released by CERT, the US Secret Service, CSO Magazine, and Microsoft. Tue, 11 Sep 2007 08:45:08 -0400 http://www.cert.org/vodcast/secure-coding/standards.html Robert Seacord talks about the development of secure coding rules and recommendations for C, C++. and other programming languages. Fri, 07 Sep 2007 13:05:04 -0400 http://www.cert.org/podcast/ Given that you can't secure everything, managing security risk to a "commercially reasonable degree" can lead to the best possible solution. Tue, 04 Sep 2007 15:39:52 -0400 http://www.cert.org/podcast/ Business leaders can use national CSIRTs (Computer Security Incident Response Teams) as a key resource when dealing with incidents with a national or worldwide scope. Tue, 21 Aug 2007 11:43:44 -0400 http://www.cert.org/vodcast/training.html Robert Seacord discusses CERT's offerings in the realm of training in secure coding. Tue, 07 Aug 2007 11:43:24 -0400 http://www.cert.org/podcast/ Information security costs can be significantly reduced by enforcing standard configurations for widely deployed systems. Tue, 07 Aug 2007 11:19:59 -0400 http://www.cert.org/secure-coding/managedstring.html The beta version of the managed string library, developed to improve the quality and security of newly developed C-language programs, is now available. Thu, 02 Aug 2007 16:03:53 -0400 http://www.microsoft.com/technet/security/acknowledge/default.mspx Microsoft has acknowledged Will Dormann of the CERT/CC for identifying and helping to remediate security vulnerabilities in their online services. Will is one of eleven individuals recognized for their efforts. Thu, 02 Aug 2007 11:55:15 -0400 http://www.cert.org/stats/ The layout of the statistics has been updated, and numbers have been added for the second quarter of 2007. Thu, 26 Jul 2007 10:51:50 -0400 http://www.cert.org/podcast/ Security is not an option - but it may be time to start viewing it as a business enabler, rather than just a cost of doing business. Tue, 24 Jul 2007 15:28:42 -0400 http://www.cert.org Robert Seacord will conduct a tutorial, "Secure Coding in C and C++" on September 29 - 30, 2007 at SANS Network Security 2007 in Las Vegas, NV. Tue, 24 Jul 2007 14:06:51 -0400 http://www.cert.org/archive/pdf/malware-7-07.pdf This paper explains how examining artifacts of a computer intrusion, such as malicious code, can identify clues to further investigation of computer-related crimes. Wed, 11 Jul 2007 14:10:56 -0400 http://www.cert.org/podcast Business leaders can use international standards to create a business- and risk-based information security program. Tue, 10 Jul 2007 11:41:00 -0400 Robert Seacord will conduct a one-day tutorial, "Secure Coding in C and C++," on July 25, 2007 at SANSFIRE 2007 in Washington, DC. More details are available on the SANSFIRE 2007 site. Mon, 02 Jul 2007 14:50:59 -0400 http://www.cert.org/pgp/newpgp2007b.html The CERT/CC has issued a new PGP key. It is valid until June 30, 2008. Thu, 28 Jun 2007 16:19:32 -0400 http://www.cert.org/podcast/ Enterprise security governance is not just a vague idea - it can be achieved by implementing a defined, repeatable process with specific activities. Tue, 26 Jun 2007 11:44:59 -0400 http://www.fbi.gov/page2/june07/botnet061307.htm The FBI has identified about 1 million computers across the country that have been compromised by botnets. Learn how to identify, report, and prevent attacks. Wed, 13 Jun 2007 12:44:22 -0400 http://www.cert.org/podcast/ Deploying common solutions for physical and IT security is a cost-effective way to reduce risk and save money. Tue, 12 Jun 2007 11:13:40 -0400 http://www.cert.org/archive/pdf/07tr008.pdf The metrics presented in this document provide a benchmark of incident management practices. Tue, 05 Jun 2007 17:53:35 -0400 http://www.cert.org/podcast Organizations occasionally may need to redefine their IT infrastructures - but to succeed, they must be prepared to handle tricky situations. Tue, 29 May 2007 09:57:00 -0400 http://www.cert.org/podcast/ As the legal compliance landscape grows increasingly complex, de-identification can help organizations share data more securely. Tue, 15 May 2007 11:49:29 -0400 http://www.cert.org/resiliency_engineering/ New information about CERT's security and resiliency engineering work is now available. Thu, 03 May 2007 17:14:10 -0400 http://www.cert.org/podcast/ Business leaders need to ensure that their organizations can keep critical processes and services up and running in the face of the unexpected. Tue, 01 May 2007 09:45:17 -0400 http://www.cert.org/stats/cert_stats.html The CERT statistics have been updated with the numbers from the first quarter of 2007. Mon, 30 Apr 2007 13:58:18 -0400 http://www.cert.org/podcast/ Computer forensics is a critical part of incident response, and business leaders need to understand how to tackle it. Tue, 17 Apr 2007 10:41:06 -0400 http://www.cert.org/podcast/ Incident management is a cross-enterprise effort requiring good communication and informed risk management. Tue, 03 Apr 2007 12:55:52 -0400 http://www.cert.org The Security for Business Leaders podcast series came in at #10 on Podcast Bunker's Top 20 list last week. Thu, 29 Mar 2007 10:29:58 -0400 http://www.cert.org/pgp/newpgp2007.html The CERT/CC has issued a new PGP key. It is valid until March 21, 2008. Fri, 23 Mar 2007 16:03:26 -0400 http://www.cert.org/archive/pdf/GES_IG_2_0703.pdf This second article in the Governing for Enterprise Security Impelementation Guide series defines the components and sequence of activities in an effective Enterprise Security Program (ESP). Fri, 23 Mar 2007 10:15:16 -0400 http://www.cert.org/archive/pdf/GES_IG_3_0703.pdf This third article in the Governing for Enterprise Security Implementation Guide series elaborates on the governance-based activities necessary to achieve and sustain an ESP. Fri, 23 Mar 2007 10:13:20 -0400 http://www.cert.org/podcast/ Business leaders, including legal counsel, need to understand how to tackle complex security issues for a global enterprise. Tue, 20 Mar 2007 13:24:30 -0400 http://www.cert.org/podcast/ System administrators increasingly need business savvy in addition to technical skills, and IT training courses must try to keep pace with this trend. Tue, 06 Mar 2007 10:25:28 -0500 http://www.cert.org/governance/ This new section of the web site highlights research and development in the enterprise security realm. It includes the new Governing for Enterprise Security Implementation Guide Tue, 20 Feb 2007 12:00:00 -0500 http://www.cert.org/podcast/ This conversation discusses how business leaders can prepare to communicate with the media and their staff during a high-profile security incident or crisis. Tue, 20 Feb 2007 12:00:00 -0500 http://www.cert.org/podcast/ This conversation discusses innovative analysis tools needed to assess complex organizational and technological issues. Tue, 6 Feb 2007 12:00:00 -0500 http://www.cert.org/csirts/national/conference2007.html The CERT Coordination Center will be hosting a meeting of CSIRTs with national responsibility in Madrid, Spain from June 23 to June 25, 2007 after the FIRST annual conference in Seville. Fri, 26 Jan 2007 12:00:00 -0500