Collaborate Disseminate
From a modular development standpoint, should a "firewall" do anything else than filtering ports?
This leads me to further ask, have there been attempts to reform the terminology from "firewall" to "port filterer&q… Continue reading From a modular development standpoint, should a "firewall" do anything else than filtering ports?
Obviously some manufacturers do not care too much about making their products secure and the vulnerabilities, if any, are only found by volunteer hackers, it at all – for example in IoT products.
Most end users cannot take (advanced) prote… Continue reading Why aren’t governments taking steps to make end-user products more secure in terms of IT security? [closed]
Is there any reason why an information security standard such as ISO 27001 is not getting updated as Information Security field is constantly changing and also the requirements but its latest version is for 2013?
This website claims that (emphasis added):
In PKCS#7 SignedData, attached and detached formats are supported… In detached format, data that is signed is not embedded inside the SignedData package instead it is placed at some external loca… Continue reading What is the PKCS#7 detached signature format?
RFC5958 defines a set of enhancements to the PKCS#8 key serialization format, bumping the version field up to 1 and additionally permitting serialization of public keys for arbitrary asymmetric cryptographic algorithms.
OneAsymmetricKey ::… Continue reading How to encode a public key in PKCS#8?
The items in our roundup this spring build on many of the updates from our January roundup, including new drafts available for public comment and additional work on standardization projects in the United Kingdom and European Union.
Additionally, a d… Continue reading Digital Forensics Standards In Q1 2021
Q1 2021 has been a tumultuous period in our era of cyber espionage. The Center For Strategic & International Studies (CSIS), which has been tracking “significant cyber incidents” since 2006, lists 30 major attacks from January to March 2021. Over … Continue reading What contractors should start to consider with the DoD’s CMMC compliance standards
Each of the big cloud platforms has its own methodology for passing on security information to logging and security platforms, leaving it to the vendors to find proprietary ways to translate that into a format that works for their tool. The Cloud Security Notification Framework (CSNF), a new working group that includes Microsoft, Google and […] Continue reading Emerging open cloud security framework has backing of Microsoft, Google and IBM
I’m looking for a set of documents from reputable sources that explicitly state that password (passphrase) length is exponentially more important than password complexity.
Consider the following password policies:
[a] Passwords must contai… Continue reading References for [password length] > [complexity] (Academic Papers, Government Guidelines, Standards Publications) [closed]
What are some Asian-equivalent organizations comparable to USA’s NIST?
I want to check the best practices and guidelines on computer security. Does anyone know if there are similar organizations in Asian countries that publish recommendati… Continue reading What are equivalent Asian organization of NIST, especially in the Security Computer Division? [closed]