Every year, the U.S. government spends billions of dollars on IT-security resources. Most of this money is funneled toward the DHS (Department of Homeland Security); the DoD (Department of Defense); and various other federal, state and local agencies in an effort to protect government computer systems and data from attackers. On the other hand, many government security resources can also be readily used by businesses in almost any field to enhance their own security strategies and practices. Here is a quick guide to five of the best government IT-security resources available on the Web.
1. National Vulnerability Database: Maintained by the CSRC (Computer Security Resource Center) of the NIST (National Institute of Standards and Technology), the National Vulnerability Database lets users search U.S. government security resources for information about potential vulnerabilities in their own systems. The database provides information on critical security weaknesses in specific hardware and software products and also includes security checklists, data on security-related software flaws, misconfiguration information and impact metrics.
2. Build Security In: This knowledge base, sponsored by the DHS's NCSD (National Cyber Security Division), offers businesses a variety of best-practices insights, technical tools, guidelines, examples, principles and other resources that software developers, system architects and security professionals can use to incorporate security into software during every phase of its development. According to the NCSD, the project's resources are structured on the principle that software security is fundamentally an engineering problem that must be addressed in a systematic way throughout the development life cycle.
3. Stay Safe Online: Sponsored by the NCSA (National Cyber Security Alliance) — a collaborative effort among experts in government, security, nonprofit and academic organizations — Stay Safe Online provides nontechnical security advice to potential cybercrime victims. This online resource center has areas that are geared toward home computer users, small businesses and educators. Stay Safe Online is a useful and free resource that can be easily incorporated into an employee IT-security training program.
4. Public/Private Security Practices: The NIST has compiled this database to help businesses in a variety of different fields learn about and adopt security strategies that have been successfully tested in the field. The database also provides access to documents that cover a variety of key security issues. This is a handy resource for businesses that are beginning to plan or update their security strategies.
5. ITL Security Bulletins: The NIST's ITL (Information Technology Laboratory) publishes online bulletins an average of six times per year. According to the ITL, each bulletin provides a deep examination of a single topic that is of significant interest to the information-systems community. This resource is a must-read for any business that wants to keep on top of its security game.
Bonus — OCTAVE: Although not strictly a government project, OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a resource that many government agencies use. Designed for use by enterprises with 300 or more employees, OCTAVE is a risk-based strategic-assessment and planning framework. Developed by CERT (Computer Emergency Response Team), the OCTAVE method is a three-phased approach for examining organizational and technology issues and assembling a comprehensive picture of an organization's security needs. OCTAVE is generally recognized as a very thorough method for getting all departments within an enterprise to create a uniform and sustainable security strategy.