headlines
April 29, 2008
New Podcast Released
Helping your staff learn how to identify social engineering attempts is the first step in thwarting them.
April 18, 2008
Vulnerability Analysis Blog Published
In a new blog on the CERT website, CERT staff members will address various issues related to vulnerability analysis.
April 15, 2008
New Podcast Released
Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough.
April 14, 2008
CERT Statistics Updated
The CERT statistics have been updated with numbers from the first quarter of 2008.
April 1, 2008
CERT Authors Publish Book About Building Security into Software Products
Software Security Engineering: A Guide for Project Managers will be published by Addison-Wesley in early May 2008. The book shows project managers how to build security into their software products throughout the development life cycle.
April 1, 2008
Reminder: Entries for Security Awards Due April 30
Submissions for the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks are due by April 30. The contest is being hosted by FIRST and the CERT/CC.
April 1, 2008
New Podcast Released
Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy.
March 31, 2008
Incident Management Mission Diagnostic Method, Version 1.0 Published
This report presents a risk-based approach for determining the potential for success of an organization's incident management capability.
March 28, 2008
CERT Sponsors FIRST Conference
CERT is a sponsor for the 2008 FIRST Conference, which will be held in Canada in June. This year marks the 20th annual FIRST conference as well as the 20th anniversary of CERT.
March 18, 2008
New Podcast Released
A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes.
March 17, 2008
CERT Resiliency Engineering Framework, v0.95R Available
A new review version of the CERT Resiliency Engineering Framework is now available. We welcome and encourage your feedback on these materials.
March 6, 2008
2007 CERT Research Annual Report Published
CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration.
March 4, 2008
New Podcast Released
Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle.
February 26, 2008
FIRST and Carnegie Mellon Software Enginnering Institute CERT Coordination Center Unveil New Security Awards
The first-ever international competition honoring best practices and advances in safeguarding the security of computer systems and networks is announced today by the Forum of Incident Response and Security Teams (FIRST) and Carnegie Mellon® Software Engineering Institute (SEI) CERT® Coordination Center (CERT/CC).
February 19, 2008
New Podcast Released
Business leaders need to understand the risks to their organizations caused by the proliferation of botnets.
February 14, 2008
CERT to Participate in Second Annual Counter eCrime Operations Summit
CERT will be participating in the Counter eCrime Operations Summit II May 26-27 Tokyo, Japan.
February 5, 2008
New Podcast Released
Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data.
January 22, 2008
SQUARE Instructional Materials Released
Workshop, tutorial, and academic educational materials on SQUARE (Security Quality Requirements Engineering) are now available for download.
January 22, 2008
New Podcast Released
Peer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information.
January 15, 2008
CERT Statistics Updated
The numbers from the fourth quarter have been incorporated, completing the 2007 statistics.
January 9, 2008
Insider Threat Studies Released
Insider Threat Study: Illicit Cyber Activity in the Government Sector and Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector have been released. These reports present the findings of research efforts to examine reported insider incidents within their respective sectors.
January 8, 2008
New Podcast Released
Directors and senior executives are personally accountable for protecting information entrusted to their care.
December 10, 2007
New Podcast Released
Internal Audit can serve a key role in putting an effective information security program in place, and keeping it there.
November 29, 2007
FloCon 2008 Schedule Available
The schedule for the FloCon 2008 conference has been released.
November 29, 2007
FBI Announces Results of Operation Bot Roast II
In the second phase of the FBI investigation of botnets, 8 people were indicted, pled guilty, or were sentenced. So far, more than $20 million in losses and more than 1 million victim computers have been identified. Learn how to prevent and report attacks.
November 27, 2007
New Podcast Released
Information security degree programs are proliferating, but what do they really offer business leaders who are seeking knowledgeable employees?
November 13, 2007
New Podcast Released
Information security risk assessment, performed in concert with operational risk management, can contribute to compliance as an outcome.
November 1, 2007
CERT NetSA Group Participates in Anti-Phishing Working Group eCrime Research Summit
Members of the CERT Network Situational Awarness Group presented Fishing for Phishes: Applying Capture-Recapture Methods to Estimate Phishing Populations (pdf) at the APWG eCrime Researchers Summit. They also participated in the Report out and Panel: Uncleanliness: Quantifying network reputation.
October 30, 2007
New Podcast Released
Business Leaders can play a key role in computer forensics by establishing strong policies and proactively testing to ensure those policies work in tough situations.
October 16, 2007
CERT Statistics Updated
The CERT statistics have been updated with numbers from the third quarter of 2007.
October 16, 2007
New Podcast Released
A business resilience argument can bridge the communication gap that often exists between information security officers and business leaders.
October 9, 2007
Vodcast - Secure Coding Initiative: Project
Robert Seacord discusses the Secure Coding project.
October 2, 2007
New Podcast Released
By taking a holistic view of business resilience - similar in many ways to classical engineering - business leaders can help their operations stand up to known and unknown threats.
![[Valid RSS]](/images/valid-rss.png "Validate my RSS feed")
