173 KB | 3 files | DOC, PDF
If a system is compromised, organizations need to improve the ability to minimize their damage. The purpose of this guide is to inform organizations of this rapidly growing problem and provide best-practice defense tactics.
The nature of malicious code, or malware, (e.g., viruses, worms, bots) shifted recently from disrupting service to actively seeking financial gain. In the past, worms were designed primarily to propagate. The impact on victims and organizations was primarily a disruption of service resulting in loss of productivity and sometimes a loss in revenue. Now, many of the significant worms are designed to steal sensitive information such as credit card numbers, social security numbers, pin codes, and passwords and send the information to the attacker for nefarious purposes including identity theft.
Unfortunately, attackers have become very adept at circumventing traditional defenses such as anti-virus software and firewalls. Even encrypted web transactions may not protect sensitive information if the user's computer has been infected.
Because malware writers are circumventing the basic security controls many organizations have implemented, the community needs to increase user awareness regarding cyber security issues in order to minimize the opportunity for sensitive information from "leaking out" of an organization. If a system is compromised, organizations need to improve the ability to minimize their damage. The purpose of this guide is to inform organizations of this rapidly growing problem and provide best-practice defense tactics.
The attached Zip file includes:
This publication provides guidelines for establishing and participating in cyber threat information sharing relationships. ... More >>
This document provides recommendations and guidelines for enhancing trust in email, including transmission and content security recommendations. ... More >>
This excerpt focuses on the conceptual aspects of defect management, including the basic concepts of a defect, how to manage defects, and an analysis of the root causes of defects. ... More >>