INFORMATION SECURITY PORTAL
Below is a short description of the mening. It doeas not cover all information, it is intended as short description/introduction. For some words there will be a link to more information.
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations are able to make informed decisions.
The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST measurements support the smallest of technologies to the largest and most complex of human-made creations—from nanoscale devices to earthquake-resistant skyscrapers and global communication networks.
NIST is also helping organizations to better understand and improve their management of cybersecurity risk and have develped a Cybersecurity Framework.
Data Protection Impact Assessment (DPIA) was introduced with the General Data Protection Regulation (Art. 35 of the GDPR). This refers to the obligation of the controller to conduct an impact assessment and to document it before starting the intended data processing. Basically, a DPIA must always be conducted when the processing could result in a high risk to the rights and freedoms of natural persons.
The term “Privacy by Design” means that technical and organisational measures must be taken already at the time of planning a processing system to protect data safety. Behind this is the thought that data protection in data processing procedures is best adhered to when it is already integrated in the technology when created.
The Electronic Frontier Foundation (EFF) is an international non-profit digital rights group based in San Francisco, California. The foundation was formed in July 1990 by John Gilmore, John Perry Barlow and Mitch Kapor to promote Internet civil liberties.
The EFF provides e.g. funds for legal defence in court, defends individuals and new technologies from what it considers abusive legal threats, works to expose government malfeasance, provides guidance to the government and courts and maintains a database and web sites of related news and information.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle credit cards. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually or quarterly, by an external Qualified Security Assessor (QSA), or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.
The Information Security Forum (ISF) is an independent, not-for-profit organisation with a Membership comprising many of the world’s leading organisations featured on the Fortune 500 and Forbes 2000 lists. We are dedicated to investigating, clarifying and resolving key issues in information security and risk management, by developing best practice methodologies, processes and solutions that meet the business needs of our Members.
FIRST is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to more effectively respond to security incidents reactive as well as proactive. FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.
CWE™ is a community-developed list of common software security weaknesses. It serves as a common language, a measuring stick for software security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.
Targeted to developers and security practitioners, the Common Weakness Enumeration (CWE) is a formal list of software weakness.
The NIST Software Assurance Metrics And Tool Evaluation (SAMATE) project is dedicated to improving software assurance by developing methods to enable software tool evaluations, measuring the effectiveness of tools and techniques, and identifying gaps in tools and methods. The scope of the SAMATE project is broad: ranging from operating systems to firewalls, SCADA to web applications, source code security analyzers to correct-by-construction methods.
The site "informationssäkerhet.se" offers cohesive and practical support for systematic information security work from Swedish authorities. The site is a resource for anyone working with information security in organizations.
eSam is a member-driven program for collaboration between 23 Swedish authorities and SKL. Members want to take advantage of the possibilities of digitalisation to make it easier for individuals and companies and to use our shared resources effectively.
The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements in a Security Target, and may be taken from Protection Profiles. Vendors can then implement or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims.
CERT-SE is Sweden's national CSIRT (Computer Security Incident Response Team) with the task of supporting the community in its work on managing and preventing IT incidents. Operations are conducted at the Swedish Agency for Social Protection and Preparedness (MSB).
The Cloud Security Alliance (CSA) is an organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products.
COBIT (Control Objectives for Information and Related Technologies) is comparable to HITRUST but for the financial industry. Created by the Information Systems Audit and Control Association (IASCA), the controls and best practices were defined in the 1990s for financial auditors but were quickly expanded for all industries.
COBIT is a high-level system that integrates the overlapping elements of major CSFs. It divides the IT process into four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate.
ENISA is the European Union Agency for Cybersecurity.
ENISA provides recommendations on cybersecurity, supports policy development and its implementation, and collaborates with operational teams throughout Europe.
The Committee of Sponsoring Organizations’ (COSO) mission is to provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations.
COSO’s goal is to provide thought leadership dealing with three interrelated subjects: enterprise risk management (ERM), internal control, and fraud deterrence.
Threat modelling works to identify, communicate, and understand threats and mitigations within the context of protecting something of value. It can be applied to a wide range of things, including software, applications, systems, networks, distributed systems, things in the internet of things, business processes, etc. There are very few technical products which cannot be threat modelled; more or less rewarding, depending on how much it communicates, or interacts, with the world. Threat modelling can be done at any stage of development, preferably early - so that the findings can inform the design.