Friday, September 06, 2013

Netcraft's September Web Server Survey

Results Summary: nginx ▲, Apache ▲, Microsoft ▼, IIS 8.5 ▲, generic TLDs. (

Friday, July 26, 2013

The Critical Security Controls

Which information security controls are the highest priorities for your organization? The Critical Security Controls (CSCs), also known as the Consensus Audit Guidelines (CAG), are currently at version 4.1. Dozens of organizations shared in refining the controls, and the result is a list of those that produce the greatest results in the shortest time.

Every organization should undertake a risk assessment and prioritize the 20 CSCs according to its needs, and start implementing them immediately. Starting with the CSC will quickly result in significant measurable gains in information security, increasing any organization's resilience and viability in the midst of constantly changing threats.

Thursday, July 25, 2013

In July 2013, NIST published Special Publication 800-83, Revision 1: "Guide to Malware Incident Prevention and Handling for Desktops and Laptops."

The Executive Summary provides an overview of high-level considerations. It is recommended that organizations

  • develop and implement an approach to malware incident prevention
  • ensure that their policies address prevention of malware incidents
  • incorporate malware incident prevention and handling into their awareness programs
  • have vulnerability mitigation capabilitiesto help prevent malware incidents
  • have threat mitigation capabilitiesto assist in containing malware incidents
  • consider using defensive architecture methods to reduce the impact of malware incidents
  • have a robust incident response process capability that addresses malware incident handling.