Questions tagged [standards]

74 questions
0 votes, 0 answers

Was ISO 17799:2005 the first ISO standard to introduce risk management?

I'm doing research into ISO 17799:2005, more specifically its policies related to risk management and its involvement on risk management in the wider IT sector, but I can't find out the answer to: Was ISO 17799:2005 the first standard to introduce…
Cpt Price

0 votes, 1 answer

What's the relation between a Security Framework & Standards, Guidelines, Procedures and Policies?

I'm currently writing a paper about security standards. Therefore several terms have to be defined before I can actually start. The problem is that in every resource the term "Framework" is somehow connected to the terms "Standard", "Guideline",…

0 votes, 2 answers

Software Signing Standards

Is there a software signing certificates standard, officially or by popularity? As I understand the SSL/TLS/https certificates rules are specified by the RFCs. Mixed use of servers and clients from different vendors will just interoperate without a…
minghua

0 votes, 1 answer

What should be the lifetime for SMS OTP?

I've tried to find a standard that mentions the lifetime of SMS OTP; however, NIST no longer recommends using SMS OTP due to the risk involved. Regardless of the security concerns, I still need to implement SMS OTP and would like to know the…
Kong

0 votes, 3 answers

When should TouchID/Fingerprint log-in expire?

I couldn't find a standard that mentions TouchID or fingerprint log-in expiration. Suppose I have an application and allow users to log in using the fingerprint. I would like to know for how long I should allow my user to log in with…

0 votes, 1 answer

Trustable Sources For Security Algorithms and Standards?

I am a learner of cryptographic algorithms and security standards. I usually Google to understand the basics of the algorithm or the protocol, and to find an implementation of a protocol. However, I can never be sure if the algorithm I am looking…
Pilfility

0 votes, 1 answer

Envelope formats to store (symmetric) encrypted text

We have decided to use AES to cipher user data. So for every data chunk we have the crypted text along with the SALT. Now we have to store both of them in the database and we do not want to separate the SALT from crypted text in different columns.…
robob

0 votes, 0 answers

Recognized complement to OWASP's ASVS requirements

The OWASP ASVS focuses on web-application verification. It is free and recognised worldwide as a good reference to build upon, or simply reuse. It is useful to use it when outsourcing web development. However OWASP does not provide similar…
niilzon

0 votes, 1 answer

PCI DSS or PCI Standard - Standards | Requirement | Implementation

I have done ISO 27001 implementation and auditing. I want to get a clear idea of the PCI DSS standard. What is PCI DSS (I know the abbreviation)? What are all the materials and sites to refer to? What are all the standard documents to refer to? What are the…

0 votes, 1 answer

PDF encryption anomaly; version 1.5 using AES

I'm not sure if this is the correct forum to ask this question so please accept my apologies in advance if this is the wrong place. (I have already posted this in the Programmers section but I've yet to receive an answer.) I recently created an…
Chris

0 votes, 2 answers

Certifying software as secure

What security certifications do major banks in the US expect an external software vendor to comply with? The software might form part of their payment processing system. ISO/IEC 27001 would apply to an organization's ISM practices. Would the…
bincob

0 votes, 1 answer

Are there Secure Coding Standards other than CERT?

I am familiar with the CERT Secure Coding Standard. Are there also any other secure coding standards other than the CERT ones?
Exagon

-1 votes, 1 answer

ISO 27001 2013 version not being updated

Is there any reason why an information security standard such as ISO 27001 is not getting updated, as the Information Security field is constantly changing and so are the requirements, but its latest version is from 2013?
John

-1 votes, 1 answer

Standards and Guidelines Pro/Con Anti Malware programs

For a whitepaper about anti-malware products used in combination with (server side) applications and infrastructure components (database server) I am looking for standards, guidelines and codified best-practices which recommend, demand or forbid…
eckes
