WHAT IS NEW WITHIN EACH OF THE DOMAINS

Below is the list of new domains together with the new topics that were introduced within each of them. I welcome your help to complete it with even more details. If you know of topics and links that could be added, please send an email to [email protected] and let me know.

Security & Risk Management
  - Threat Modeling: more details were added about threat modeling.

Asset Security
  - Acquisition: integrate security risk considerations into acquisition and practice, covering:
      - hardware, software and services
      - third-party assessment and monitoring (on-site assessment, document exchange and review, process/policy review)
      - minimum security requirements
      - service-level requirements

Security Engineering
  - Mobile Systems: this does NOT refer to phones and similar handheld tools. It refers to laptops as mobile devices and the risks associated with those mobile devices.
  - Internet of Things (IoT):
      http://www.itworld.com/article/2906805/welcome-to-the-internet-of-things-please-check-your-privacy-at-the-door.html?phint=newt%3Ditworld_today&phint=idg_eid%3D4d76928f948553d246266242f20ee850#tk.ITWNLE_nlt_tonight_2015-04-08
      https://www.ftc.gov/news-events/press-releases/2015/01/ftc-report-internet-things-urges-companies-adopt-best-practices
      http://spectrum.ieee.org/telecom/security/how-to-build-a-safer-internet-of-things
      The Cyber Defense Magazine also has some interesting articles on the challenge of IoT at: http://www.cyberdefensemagazine.com/newsletters/march-2015/index.html
  - Embedded Systems: smart appliances and other devices with a built-in computer.

Communications & Network Security
  - Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI)
  - Software Defined Networks, see: https://www.opennetworking.org/sdn-resources/sdn-definition
      Video to watch: https://www.youtube.com/watch?v=DiChnu_PAzA
      If you wish to learn more: https://www.youtube.com/watch?v=l25Ukkmk6Sk
  - Storage and Network Convergence: iSCSI and FCoE, see http://www.redbooks.ibm.com/redbooks/pdfs/sg247986.pdf (read chapter one of that document for a quick overview)
  - Content Distribution Networks: Akamai, Cloudflare, Amazon CloudFront and others

Identity and Access Management
  - Session Management: desktop sessions can be controlled and protected through several means, including but not limited to:
      - screensavers
      - timeouts
      - automatic logouts
      - session/login limitation
      - schedule limitations
  - Registration and Proofing of Identity
  - Cloud Identity Services

Security Assessment and Testing
  This is mostly a new domain that goes into a lot more depth on security assessment and penetration testing. The two documents below will give you most of what you need to know:
  - Penetration Testing Guidance from the PCI Security Standards Council: https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf
  - NIST SP 800-115, Technical Guide to Information Security Testing and Assessment: http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf

Security Operations
  - Asset Management and asset inventory: https://www.sei.cmu.edu/productlines/frame_report/config.man.htm
  - Configuration Management: http://acqnotes.com/Attachments/IEEE%20Guide%20to%20Software%20Configuration%20Management.pdf
  - Whitelisting and Blacklisting: understand the advantages and disadvantages of each approach
  - Coverage of Sandboxing: http://en.wikipedia.org/wiki/Sandbox_%28computer_security%29
  - A bit more detail on Patch Management Technologies: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf (read chapter 3 of that document on the challenges of patch management)

Software Development Security
  - Integrated Product Team (IPT): http://www.acq.osd.mil/se/docs/DoD-IPPD-Handbook-Aug98.pdf
  - DevOps and its principles: http://itrevolution.com/the-three-ways-principles-underpinning-devops/ and http://theagileadmin.com/what-is-devops/
  - Software Assurance: http://en.wikipedia.org/wiki/Software_assurance
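The desktop-session controls listed under Identity and Access Management above (timeouts, automatic logouts, session/login limitation and schedule limitations) written out as one small policy engine, so you can see how the controls interact: an idle timer, an absolute limit that ends even a busy session, a per-user concurrent-login cap, and a permitted time window. This is an added example, not code from this site or from the CISSP material. The policy values (15-minute idle timeout, 8-hour absolute limit, two concurrent sessions, a 07:00-19:00 window), the user names and the fixed timestamps are assumptions chosen for the demonstration; a screensaver lock is the same idle timer with a lock instead of a logout.

```python
"""Desktop session controls as one policy engine (added example, not from
the outline). Policy values, user names and timestamps are assumptions."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, time, timedelta


@dataclass
class SessionPolicy:
    idle_timeout: timedelta = timedelta(minutes=15)   # lock/logout after no activity
    absolute_timeout: timedelta = timedelta(hours=8)  # logout even if still active
    max_sessions: int = 2                             # concurrent logins per user
    window_start: time = time(7, 0)                   # sessions allowed 07:00-19:00
    window_end: time = time(19, 0)


@dataclass(eq=False)  # identity comparison: two sessions are never "equal"
class Session:
    user: str
    created: datetime
    last_activity: datetime


class SessionManager:
    def __init__(self, policy: SessionPolicy) -> None:
        self.policy = policy
        self.sessions: dict[str, list[Session]] = {}

    def in_window(self, now: datetime) -> bool:
        return self.policy.window_start <= now.time() < self.policy.window_end

    def expiry_reason(self, s: Session, now: datetime) -> str | None:
        """Why the session must end now, or None if it may continue."""
        if now - s.last_activity >= self.policy.idle_timeout:
            return "idle"
        if now - s.created >= self.policy.absolute_timeout:
            return "absolute"
        if not self.in_window(now):
            return "schedule"
        return None

    def expire(self, now: datetime) -> list[tuple[str, str]]:
        """Sweep every session; returns (user, reason) for each one ended."""
        ended = []
        for user, active in self.sessions.items():
            for s in list(active):
                reason = self.expiry_reason(s, now)
                if reason:
                    active.remove(s)
                    ended.append((user, reason))
        return ended

    def login(self, user: str, now: datetime) -> Session | None:
        if not self.in_window(now):
            return None
        self.expire(now)  # free slots held by stale sessions before counting
        active = self.sessions.setdefault(user, [])
        if len(active) >= self.policy.max_sessions:
            return None
        s = Session(user, now, now)
        active.append(s)
        return s

    def touch(self, s: Session, now: datetime) -> bool:
        """Record activity. False means the session had already expired."""
        if self.expiry_reason(s, now):
            active = self.sessions.get(s.user, [])
            if s in active:
                active.remove(s)
            return False
        s.last_activity = now
        return True


def demo() -> dict:
    """Exercise each control with constructed clocks; returns the outcomes."""
    mgr = SessionManager(SessionPolicy())
    t0 = datetime(2024, 1, 8, 9, 0)  # constructed timestamp inside the window
    out = {}
    out["night_login"] = mgr.login("alice", datetime(2024, 1, 8, 22, 0))  # None
    s1 = mgr.login("alice", t0)
    mgr.login("alice", t0)                       # second session fills the cap
    out["third_login"] = mgr.login("alice", t0)  # None: limit is 2
    mgr.touch(s1, t0 + timedelta(minutes=10))    # s1 stays active, s2 goes idle
    out["sweep"] = mgr.expire(t0 + timedelta(minutes=16))  # [("alice", "idle")]
    out["slot_freed"] = mgr.login("alice", t0 + timedelta(minutes=16)) is not None
    # Keep s1 busy every 10 minutes; the absolute limit still ends it at 8h.
    t = t0 + timedelta(minutes=10)
    while t + timedelta(minutes=10) < t0 + timedelta(hours=8):
        t += timedelta(minutes=10)
        mgr.touch(s1, t)
    out["absolute"] = mgr.expiry_reason(s1, t0 + timedelta(hours=8))  # "absolute"
    # A fresh, active session is still cut off when the window closes.
    s3 = mgr.login("bob", datetime(2024, 1, 8, 18, 50))
    mgr.touch(s3, datetime(2024, 1, 8, 18, 55))
    out["schedule"] = mgr.expiry_reason(s3, datetime(2024, 1, 8, 19, 0))  # "schedule"
    return out


if __name__ == "__main__":
    print(demo())
```

The order of checks in expiry_reason matters in practice: the idle check comes first so that an idle session is reported as such even after the absolute limit has also passed, and login sweeps expired sessions before applying the concurrency cap so that a crashed client does not permanently consume one of the user's slots.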

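The "advantages and disadvantages" of whitelisting versus blacklisting under Security Operations above, shown concretely rather than as a list of pros and cons. This is an added example, not code from this site: it contrasts the two approaches for executable control by SHA-256 hash (a denylist is defeated by any change to the binary, an allowlist blocks anything unknown but also blocks a legitimate update until someone approves it) and for upload file-type filtering (a denylist of extensions misses case variants and alternate extensions; an allowlist holds but must be updated for every new legitimate type). The byte strings standing in for binaries, the hash sets and the extension lists are constructed for the demonstration.

```python
"""Allowlist (whitelist) vs denylist (blacklist): added example, not from
the outline. Binaries are constructed byte strings, not real programs."""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for binaries an endpoint might be asked to run.
KNOWN_GOOD = {b"editor-v1.0", b"browser-v2.3"}
KNOWN_BAD = {b"dropper-v1"}


class DenylistPolicy:
    """Blocks only what has been seen before; everything else runs."""
    def __init__(self, bad: set[bytes]) -> None:
        self.bad = {sha256(b) for b in bad}

    def allows(self, binary: bytes) -> bool:
        return sha256(binary) not in self.bad


class AllowlistPolicy:
    """Runs only what has been approved; everything else is blocked."""
    def __init__(self, good: set[bytes]) -> None:
        self.good = {sha256(b) for b in good}

    def allows(self, binary: bytes) -> bool:
        return sha256(binary) in self.good


def compare_app_control() -> dict:
    """Same inputs through both policies; returns what each lets run."""
    deny, allow = DenylistPolicy(KNOWN_BAD), AllowlistPolicy(KNOWN_GOOD)
    repacked = b"dropper-v1" + b"\x00"  # one byte appended: new hash, same malware
    updated = b"editor-v1.1"            # vendor update nobody has approved yet
    return {
        "deny_known_bad": deny.allows(b"dropper-v1"),  # False: caught
        "deny_repacked": deny.allows(repacked),        # True: slips through
        "allow_repacked": allow.allows(repacked),      # False: unknown is blocked
        "allow_new_update": allow.allows(updated),     # False: must be re-approved
        "deny_new_update": deny.allows(updated),       # True: no maintenance needed
    }


# The same contrast for upload file types (extension lists are constructed).
DENY_EXT = {"php", "exe"}
ALLOW_EXT = {"jpg", "png", "pdf"}


def ext(name: str) -> str:
    return name.rsplit(".", 1)[-1] if "." in name else ""


def upload_ok_denylist(name: str) -> bool:
    # Exact-match denylist: "shell.PHP" (case) and "shell.phtml" (an extension
    # some web servers also hand to the PHP handler) both pass.
    return ext(name) not in DENY_EXT


def upload_ok_allowlist(name: str) -> bool:
    # Only listed types pass; a new legitimate type (webp) is refused until
    # the list is updated, which is the allowlist's maintenance cost.
    return ext(name) in ALLOW_EXT


if __name__ == "__main__":
    print(compare_app_control())
    for n in ("shell.PHP", "shell.phtml", "photo.jpg", "report.webp"):
        print(n, upload_ok_denylist(n), upload_ok_allowlist(n))
```

The takeaway a practitioner wants from the comparison: a denylist needs no approval workflow but is only ever as good as its last update, and trivial changes to the thing being blocked evade it; an allowlist fails closed, so the cost moves to keeping the approved set current.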






Clement and Nathalie

Site owners and Founders

