Newsfeeds

CERT Announcements

Announcements: What's New on the CERT web site

Report on Monitoring for Insider Theft of Intellectual Property Released
This report presents a way organizations can mitigate the risk of theft of intellectual property by departing insiders.
Source Code Analysis Laboratory (SCALe) Technical Note Released
This technical note describes SCALe, a demonstration process for testing software for conformance against secure coding standards.
Insider Threat Security Reference Architecture Technical Report Released
This report describes the Insider Threat Security Reference Architecture (ITSRA), an enterprise-wide solution to the threat organizations face from their own insiders.
New CERT/CC Blog Entry
CERT Basic Fuzzing Framework 2.5 Released
New CERT/CC Blog Entry
CERT Linux Triage Tools 1.0 Released
New Podcast Released
Security controls, including those for insider threat, are the safeguards necessary to protect information and information systems.
New CERT/CC Blog Entry
CERT Failure Observation Engine 1.0 Released
New CERT/CC Blog Entry
Vulnerability Severity Using CVSS
The CERT Top 10 List for Winning the Battle Against Insider Threats Released
Organizations can use these tips, drawn from the CERT Insider Threat Center's case files, to combat insider threat.
New Insider Threat Blog Post
The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes
CERT-RMM V1.1: NIST Special Publication Crosswalk Version 1 Released
This technical note maps CERT-RMM process areas to 800-series NIST special publications.
Principles of Trust for Embedded Systems Technical Note Published
This paper gives substance and explicit meaning to the terms trust and trustworthy as they relate to automated systems and to embedded systems in particular.
New Podcast Released
Implementing secure coding standards to reduce the number of vulnerabilities that can escape into operational systems is a sound business decision.
Mission Risk Diagnostic (MRD) Method Description Technical Note Released
This technical note overviews the MRD method developed by the SEI to assess system risk across the lifecycle and supply chain.
CERT-RMM Capability Appraisal Method (CAM) Version 1.1 Technical Report Released
This report demonstrates that SCAMPI V1.2 can be applied to CERT-RMM V1.1 as the reference model for a process appraisal.
CERT-RMM V1.1: Code of Practice Crosswalk Commercial Version 1.1 Technical Note Released
This tech note shows how CERT-RMM process areas, industry standards, and codes of practices are connected.
New Insider Threat Blog Entry
The entry "Insiders and Organized Crime" has been posted.
The CERT Guide to Insider Threats Book Published
This book describes the CERT Insider Threat Center's practical findings on insider cyber crimes, as well as guidance and countermeasures for organizations.
Risk-Based Measurement and Analysis: Application to Software Security Technical Note Released
This technical note presents the foundations of a risk-based software security measurement and analysis method.
New Podcast Released
Protecting the internet and its users against cyber attacks requires a significant increase in the number of skilled cyber warriors.
New Insider Threat Blog Entry
The Entry "Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage" has been posted.
Spotlight On: Malicious Insiders and Organized Crime Activity
This TN is the fifth article in the Spotlight On quarterly series published by the CERT Insider Threat Center.
CERT Program Improves Security in C Programming Language Standard
The CERT Secure Coding team made key contributions to the newest ISO/IEC C language standard.
New CERT/CC Blog Entry
The entry "CNAME flux" has been posted.
Using Defined Processes as a Context for Resilience Measures Technical Note Released
This technical note describes how implementation-level processes can help organizations define measures of operational resilience.
New Podcast Released
Electronic health records bring many benefits along with security and privacy challenges.
Standards-Based Automated Remediation 2011 Update Released
This report updates the development of standards for remediation of vulnerabilities and compliance issues on Department of Defense networked systems for 2011.
Insider Threat Control Released
Insider Threat Control: Using a SIEM Signature to Detect Potential Precursors to IT Sabotage presents a technique for detecting potential insider sabotage over an organization's network.
New Insider Threat Blog Entry
The entry "Preparing for Negative Workplace Events - Managing Employee Expectations" has been posted.
New Insider Threat Blog Entry
The entry "Insider Threat Controls" has been posted.
New Insider Threat Blog Entry
The entry "Data Exfiltration and Output Devices - An Overlooked Threat" has been posted.
CERT Oracle Secure Coding Standard for Java Book Published
The CERT Oracle Secure Coding Standard for Java has been published by Addison-Wesley Professional.
New Insider Threat Demonstration Series Launched
The CERT Insider Threat Center has released the first video in a series of insider threat demonstrations.
Insider Threat Control Technical Note Released
This technical note describes how organizations can use Splunk to detect insider theft of intellectual property.
Agenda Now Available for Upcoming Workshop
The Institute for Information Infrastructure Protection (I3P) and the CERT Program will present the workshop "Cyber Security CPR: Coordinated Private Response to Computer Security Incidents" in Arlington, VA on October 12-13. See the web page for a link to the agenda.
New Podcast Released
Measures of operational resilience should answer key questions, inform decisions, and affect behavior.
Community College Education Report Published
The fourth volume in the Software Assurance Curriculum Project focuses on community college courses for software assurance.
2010 CERT Research Report Published
The CERT Program is internationally known for developing practices and technologies to protect, detect, and respond to attacks, accidents, and failures on networked systems. This report describes progress in our innovative research projects and activities.
New CERT/CC Blog Entry
The entry "Challenges in Network Monitoring above the Enterprise" has been published.
New Podcast Released
Use of Domain Name System security extensions can help prevent website hijacking attacks.
Registration Open for Webinar and Workshop
The Institute for Information Infrastructure Protection (I3P) and the CERT Program will present the workshop "Cyber Security CPR: Coordinated Private Response to Computer Security Incidents" in Arlington, VA on October 12-13. There is a pre-event webinar on September 8. See the workshop web page for links to online registration forms.
New Insider Threat Blog Entry
The entry "The Necessity of Best Practices for the Prevention and Detection of Insider Threats" has been posted.
New Insider Threat Blog Entry
The entry "The CERT Insider Threat Database" has been posted.
Keeping Your Family Safe in a Highly Connected World
As our world becomes highly connected where endless data is just a click away and using networked devices has become almost a necessity, protecting your personal information and family privacy is of great concern.
Measures for Managing Operational Resilience Technical Report Published
In this technical report Resilient Enterprise Management (REM) team members suggest a set of top ten strategic measures for managing operational resilience.
New Podcast Released
Depending on the service model, cloud providers and customers can monitor and implement controls to better protect their sensitive information.
Standards-Based Automated Remediation Special Report Released
This report describes the development of standards for remediation of vulnerabilities and compliance issues on Department of Defense networked systems.
New Insider Threat Blog Entry
The entry "Theft of Intellectual Property and Tips for Prevention" has been published.
Request for Proposal - SEI Code Review Process
The SEI is issuing a Request for Proposal seeking interested organizations with experience performing web penetration and source code audits in systems developed in C#, Java, Ruby, Perl, Python, JavaScript, and PHP.
New Podcast Released
Analyzing malware is essential to assess the damage and reduce the impact associated with ongoing infection.

LOS