Introduction to the NSA Infosec Assessment Methodology (IAM)
On May 22, 1998 President Clinton signed Presidential Decision Directive 63 (PDD 63). This directive outlined the civilian and governmental responsibility for protecting the US critical infrastructure and established the framework for the National Infrastructure Assurance Plan. One portion of the National Infrastructure Assurance Plan mandates that the National Security Agency (NSA) perform information security assessments of US Government systems. This assessment became known as the NSA's Infosec Assessment Methodology (IAM).
Security & Vulnerability Analysis of Wireless Messaging Protocols & Applications
Wireless messaging is now a dynamic ingredient in the communication modes of our lives. Many applications on the Internet now use wireless messages to contact the end user. This paper describes the messaging infrastructure and the related protocols used in this scenario. It also presents many ways you can use wireless networks to communicate with your applications. There is also a growing concern over how secure these services are and how they can be compromised, which is described briefly in this presentation.
Practical Threat Analysis for the Software Industry
This paper describes Practical Threat Analysis (PTA), a calculative threat modeling methodology and CASE tool that assists software security analysts and software developers in assessing system risks and building the most effective risk reduction policy for their system.
Systems Security Assessment: A Simple Baseline
This document is intended to provide basic guidelines to systems administrators and engineers for assessing vulnerabilities in two distinct environments. It is not intended to be a complete doctrine or the only solution, as the effort to maintain good systems security never ends. Instead, use this paper as a path to a reasonably sound foundation on which to build. This guideline describes a list of vulnerabilities as they apply to servers at the physical, OS and infrastructure levels in any environment.
Bluetooth Security Review, Part 1
This two-part series looks at Bluetooth security and privacy issues, including methods of detection, data loss prevention and social engineering.
Bluetooth Security Review, Part 2
Part 2 of the Bluetooth series looks at several unpublished vulnerabilities in Symbian-based phones, and then moves on to discuss "Blue Tag" tracking, positioning, and privacy issues.
B.A.S.E.: A Security Assessment Methodology
The purpose of this case study is to propose and practically apply an elementary information security assessment protocol called BASE. BASE stands for Baseline, Audit and Assess, Secure, Evaluate and Educate.