Scheduled and unscheduled drills of security professionals and other stakeholders are an important way to ensure your organization has tested its incident response plans. Examples of such drills include tabletop exercises and simulated events. Implementation...
This section includes processes and tools used for incident management as well as roles and responsibilities. Implementation Assessment SANS – Password Construction Guidelines: Passwords are a critical component of information security. Passwords serve to protect...
NIST indicates that potential indicators and possible precursors of insider threat can include behaviors such as inordinate, long-term job dissatisfaction, attempts to gain access to information not required for job performance, unexplained access to financial...
NIST points out that Security Awareness and System Administrator training helps explain proper rules of behavior for the use of agency information systems and information. The program communicates information technology (IT) security policies and procedures that need...
NIST defines patch management as the process for identifying, acquiring, installing, and verifying patches for products and systems. (Source) Implementation Assessment AT&T Cybersecurity – Free and Commercial Tools: Listing of free and commercial tools for...
NIST defines penetration testing as security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real...