RE: CRIME FW: [Information_technology] Daily News 1/26/04

From: Sasha Romanosky (sasha_romanosky@private)
Date: Mon Jan 26 2004 - 10:50:03 PST

    I'm a huge fan of NIST's work, including these documents (I almost have
    the risk management one memorized), and I think it's clear that anyone
    who "gets" infosec can appreciate the reason for replacing telnet. 
    
    However, the paper I'd like to see NIST publish is how to convince
    everyone else (managers, senior managers, users) of this as well.
    
    cheers,
    Sasha
    
    
    > -----Original Message-----
    > From: information_technology-admin@private
    > [mailto:information_technology-admin@private] 
    > On Behalf Of InfraGard
    > Sent: Monday, January 26, 2004 6:28 AM
    > To: Information Technology
    > Subject: [Information_technology] Daily News 1/26/04
    > 
    > January 23, Federal Computer Week - NIST releases telnet, IT 
    > security drafts. Federal agencies desiring to minimize work 
    > disruptions from outside intrusions can begin with simple 
    > safeguards, such as preventing unauthorized users from using 
    > the telnet protocol to gain access to a server, according to 
    > officials at the National Institute of Standards and 
    > Technology (NIST). Draft documents on computer security 
    > released Thursday, January 22, by the NIST give an example of 
    > how unauthorized telnet users simply identify themselves as a 
    > guest to gain access to sensitive government files. The Risk 
    > Management Guide for Information Technology Systems suggests 
    > that disabling telnet is about a 10-hour procedure. Practical 
    > advice in the 58-page document includes other ways that 
    > agencies can develop standards for safeguarding sensitive but 
    > unclassified information in federal computer systems. As 
    > applied to information systems, the guide says, risk 
    > management is a responsibility of executive managers to be 
    > shared with technical managers, and not a technical manager's 
    > sole responsibility. Engineering Principles for Information 
    > Technology Security, a 33-page document also released this 
    > week, offers an overview of accepted principles and practices 
    > for security information technology systems. Additional 
    > information can be found on the NIST Website: 
    > http://csrc.nist.gov/publications/drafts.html
    > Source: 
    > http://www.fcw.com/fcw/articles/2004/0119/web-nist-01-23-04.asp
    > 
    



    This archive was generated by hypermail 2b30 : Mon Jan 26 2004 - 11:50:42 PST