From: "NW on Security" <[log in to unmask]>
Subject: Baseline Security Manual 2004
Date: Thu, 16 Feb 2006 17:10:00 -0600

NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
02/16/06

Today's focus: Baseline Security Manual 2004
By M. E. Kabay

For many years, I used the English-language _IT Baseline Security Manual_ created by the German Federal Office for Information Security (BSI: Bundesamt für Sicherheit in der Informationstechnik) from its German-language _IT-Grundschutz Standard-Sicherheitsmaßnahmen_. Some years ago, the English translation disappeared from the Web, and I continued to rely only on saved copies of the 1997 version.

However, in recent correspondence, reader Claus Stark, the business information security officer of the Frankfurt office of Citigroup, very kindly pointed me to a new English translation of the 2004 version of the Baseline Security Manual, available online in PDF <http://www.bsi.de/english/gshb/index.htm>.

The 269-page Introduction and Modules 2004 file (7.2 MB) starts with an overview of the documents (Chapter 1) and recommendations (Chapter 2) on the analysis and modeling of information systems security requirements and safeguards.

* Chapter 3 covers fundamentals such as security of personnel, contingency planning, data backups, anti-malware, cryptography and incident management.
* Chapter 4 looks at infrastructure (buildings, cabling, rooms, cabinets, telecommuting and operations centers).
* Chapter 5 discusses standalone systems such as PCs running DOS, Windows, Unix, and the like.
* Chapter 6 continues with networked systems.
* Chapter 7 covers data transmission systems: data media, modems, firewalls, e-mail, Web servers, remote access, Lotus Notes, Internet Information Services, Apache Web server, Exchange/Outlook 2000, and routers and switches.
* Chapter 8 on telecommunications presents basic security principles and practices for PBXs, fax machines and servers, voice mail, ISDN connections, mobile phones and personal digital assistants.
* Chapter 9 adds notes on application software, databases, more on telecommuting, Novell eDirectory 8.6 and archiving.

The Threats Catalog (426 pages) includes:

* Force majeure
* Organizational shortcomings
* Human failures
* Technical failures
* Deliberate acts

The Safeguards Catalog (2056 pages) includes:

* Infrastructure
* Organization
* Personnel
* Hardware and software
* Communications
* Contingency planning

All the PDF documents have extensive bookmarks and are easily searchable. I am confident that security practitioners and system/network administrators will find these free documents a valuable addition to their libraries of reference resources.

_______________________________________________________________
To contact: M. E. Kabay

M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor in the Division of Business and Management at Norwich University in Northfield, Vt. Mich can be reached by e-mail <mailto:[log in to unmask]> and his Web site <http://www2.norwich.edu/mkabay/index.htm>.
New information assurance journal - Norwich University Journal of Information Assurance (NUJIA). See <http://nujia.norwich.edu/>
_______________________________________________________________
Copyright Network World, Inc., 2006