-----Original Message----- From: InfraGard [mailto:infragard@private] Sent: Thursday, August 14, 2003 6:47 AM To: Information Technology Subject: [Information_technology] Daily News 08.14.03 August 13, Government Computer News - NIST releases guidelines for IT security metrics. The National Institute of Standards and Technology (NIST) has released its final version of guidelines for developing metrics to help ensure agencies meet IT security requirements. Metrics-measurable standards-monitor the effectiveness of goals and objectives established for IT security. They measure the implementation of security policy, the results of security services and the impact of security events on an agency's mission. The publication uses the critical elements, and security controls and techniques laid out in an earlier NIST publication, 800-26, Security Self-Assessment Guide for IT Systems. NIST Special Publication 800-55, Security Metrics Guide for IT Systems is available online http://csrc.nist.gov/publications/nistpubs/800-55/sp800-55.p df Source: http://www.gcn.com/vol1_no1/daily-updates/23108-1.html August 13, eWEEK - Worm: long wait for fix. Computer users were scrambling Wednesday, August 13, for alternate fixes for the havoc wreaked by the Blaster worm as many people were unable to reach Microsoft Corp.'s main patch download site. The Windows Update Web site was extremely sluggish Tuesday and Wednesday, and some users reported being unable to reach the site at all. The Blaster worm, also known as LoveSan, began infecting Windows NT, 2000 and XP machines Monday and continues to spread rapidly. The worm exploits a vulnerability in the Windows RPC (Remote Procedure Call) service and uses a lot of bandwidth scanning for other vulnerable machines once it has infected a PC. Microsoft made a patch available for the flaw in mid-July. Blaster is also causing service problems on Comcast Corp.'s cable modem network. Several Comcast customers said their service had been down for extended periods during the last couple of days and that Comcast officials said Blaster was to blame. Source: http://www.eweek.com/article2/0,3959,1218982,00.asp August 12, National Journal - Industry comments on antiterror liability protection rule. A coalition of trade associations on Monday, August 13, filed comments on a Department of Homeland Security measure to protect security technology providers from liability if their products or services fail to prevent terrorist attacks. The coalition, which included the Information Technology Association of America and National Association of Manufacturers, endorsed a proposal to distinguish between "qualified anti-terrorism technologies" and "approved products for homeland security." They cautioned that the proposed five- to eight-year limits on products exempt from legal liability under such designations could discourage the development of anti-terrorism technologies and said the regulations should be retroactive, with shorter review periods. The group also called for an extension of the immunity from lawsuits and a broadening of designations to include more products and services, and they are seeking greater confidentiality about their security roles and more financial support from the government if they are successfully sued for breaches in security. Source: http://www.govexec.com/dailyfed/0803/081203td2.htm _______________________________________________ Information_technology mailing list Information_technology@listserv
This archive was generated by hypermail 2b30 : Thu Aug 14 2003 - 11:18:04 PDT