US Department of Defense (DoD), Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) on databases:
iase.disa.mil/stigs/app-security/database
Very detailed and of high quality.
The National Cybersecurity and Communications Integration Center
www.us-cert.gov
Payment Card Industry Data Security Standard (PCI DSS):
www.pcisecuritystandards.org/security_standards
SANS Institute (SANS)
www.sans.org
Federal Information Security Management (FISMA)
www.dhs.gov/federal-information-security-management-act-fisma
Financial Services Sector Coordinating Council (FSSCC)
fsscc.org
Has an automated cybersecurity assessment tool, but it has not been maintained for some years.
Federal Financial Institutions Examination Council (FFIEC)
Has a cybersecurity assessment tool, but it has not been maintained for several years.
FFIEC IT Handbook
ithandbook.ffiec.gov
Bundesamt für Sicherheit in der Informationstechnik (BSI)
Federal Office for Information Security
www.bsi.bund.de/EN
ISO 27001:
www.iso.org/iso/home/standards/management-standards/iso27001.htm
ISO 27002
Common Criteria - ISO 15408
www.commoncriteriaportal.org
Microsoft SQL Server Certification Reports and other CC documentation.
National Institute of Standards and Technology (NIST), National Checklist Program (NCP):
http://web.nvd.nist.gov/view/ncp/repository
National Vulnerability Database (NVD) Common Vulnerability Scoring System (CVSS) Support:
nvd.nist.gov/cvss.cfm
Common Vulnerability Scoring System (CVSS):
www.first.org/cvss
Federal Information Processing Standards Publication (FIPS): Security Requirements for Cryptographic Modules
FIPS 140-2 (PDF), now superseded by FIPS 140-3.
Requires the use of validated (certified) cryptographic module implementations, not merely approved algorithms.
Cloud Security Alliance (CSA)
cloudsecurityalliance.org
Open Web Application Security Project (OWASP):
www.owasp.org
European Union Agency for Network and Information Security (ENISA), since 2019 named the European Union Agency for Cybersecurity
www.enisa.europa.eu
EU center of expertise on network and information security.
EU GDPR: General Data Protection Regulation (Regulation 2016/679)
"Regulation (EU) 2016/679 of the European Parliament and of the Council"
www.eugdpr.org
EU regulation on data protection for all persons in the EU. Being a regulation rather than a directive, it applies directly and does not require transposition into national legislation.
European Data Protection Supervisor (EDPS)
edps.europa.eu
European Union’s (EU) independent data protection authority.
EU: Network and Information Security (NIS2) directive
Sets a common level of network and information security across a broad set of business sectors. In practice the directive covers all companies in those sectors with more than 50 employees or more than EUR 10 million in turnover.
The directive was adopted in December 2022 as Directive (EU) 2022/2555; member states had until 17 October 2024 to transpose it into national law.
Center for Internet Security (CIS), Security Configuration Benchmarks on Database Servers
benchmarks.cisecurity.org/downloads/benchmarks.servers.database
These guidelines vary considerably in quality.
The Hacker News (thehackernews.com)
Danish references
DK CERT (www.cert.dk)
The Centre for Cyber Security (CFCS.dk)
Governed by the Danish Ministry of Defence (Forsvarsministeriet).
Digitaliseringsstyrelsen (digst.dk/sikkerhed)
Literature
Denny Cherry: Securing SQL Server, 2nd Edition
2012, Syngress, Elsevier (ISBN 978-1-59749-947-7)
Many great details and experiences.
Peter A. Carter: Securing SQL Server, 2nd Edition
2018, Apress (ISBN 978-1-4842-4160-8)
Justin Clarke: SQL Injection Attacks and Defense, 2nd Edition
2012, Syngress, Elsevier (ISBN 978-1-59749-963-7)
Great in many aspects.
Rudi Bruchez: Microsoft SQL Server 2012 Security Cookbook
2012, Packt Publishing (ISBN 978-1-84968-588-7)