NIST logo

Publications Portal

You searched on:
Topic Area: Cybersecurity

Displaying records 91 to 100 of 210 records.
Resort by: Date / Title


91. Of Passwords and People: Measuring the Effect of Password-Composition Policies
Topic: Cybersecurity
Published: 5/11/2011
Authors: Serge M. (Serge) Egelman, Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor
Abstract: Text-based passwords are the most common mechanism for authenticating humans to computer systems. To prevent users from picking passwords that are too easy for an adversary to guess, system administrators adopt password-composition policies (e.g., ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=907615

92. Encryption Basics
Topic: Cybersecurity
Published: 5/2/2011
Authors: Kevin Mcguire Stine, Quynh H Dang
Abstract: Healthcare and health information technology professionals are entrusted with patient data which, because of its personal nature, requires protection to ensure its confidentiality. To provide this protection, these professionals frequently look to c ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=908084

93. BIOS Protection Guidelines
Series: Special Publication (NIST SP)
Report Number: 800-147
Topic: Cybersecurity
Published: 4/29/2011
Authors: David A Cooper, William T Polk, Andrew Richard Regenscheid, Murugiah P Souppaya
Abstract: This document provides guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat becaus ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=908423

94. Toward Privacy Standards Based on Empirical Studies
Topic: Cybersecurity
Published: 4/28/2011
Authors: Serge M. (Serge) Egelman, Erika McCallister
Abstract: In this paper, we argue that if privacy standards are created to guide ,do-not-trackŠ technologies, it is imperative that these standards are created with the primary stakeholder in mind: the data subject. Previous privacy and security standards ha ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=908282

95. Full Virtualization Technologies: Guidelines for Secure Implementation and Management
Series: ITL Bulletin
Topic: Cybersecurity
Published: 4/25/2011
Author: Shirley M. Radack
Abstract: This bulletin summarizes the information presented in NIST SP 800-125, Guide To Security for Full Virtualization Technologies: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone of G2, Inc., Mu ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=908456

96. Specification for the Open Checklist Interactive Language (OCIL) Version 2.0
Series: NIST Interagency/Internal Report (NISTIR)
Report Number: 7692
Topic: Cybersecurity
Published: 4/7/2011
Authors: David Anthony Waltermire, Karen Scarfone, Maria Casipe
Abstract: This report defines version 2.0 of the Open Checklist Interactive Language (OCIL). The intent of OCIL is to provide a standardized basis for expressing questionnaires and related information, such as answers to questions and final questionnaire resul ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=907944

97. The Policy Machine: a Novel Architecture and Framework for Access Control Policy Specification and Enforcement
Topic: Cybersecurity
Published: 4/1/2011
Authors: David F Ferraiolo, Vijay (Vijay) Atluri, Serban Ilie Gavrila
Abstract: The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to generically ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=905440

98. Managing Information Security Risk: Organization, Mission, and Information System View
Series: ITL Bulletin
Topic: Cybersecurity
Published: 3/22/2011
Author: Shirley M. Radack
Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-39, Integrated Enterprise-Wide Risk Management: Organization, Mission and Information System View. This publication was developed by the Joint Task Force Transf ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=908207

99. It's All About The Benjamins: Fair Trade botnets and incentivizing users to ignore security advice
Topic: Cybersecurity
Published: 2/28/2011
Authors: Serge M. (Serge) Egelman, Nicolas Christin, Timothy Vidas, Jens Grossklags
Abstract: We examine the cost for an attacker to pay users to execute arbitrary code---potentially malware. We created an Amazon's Mechanical Turk task wherein users were asked to download and run for an hour an executable we wrote. While this program was ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=907421

100. Guide to Using Vulnerability Naming Schemes
Series: Special Publication (NIST SP)
Report Number: 800-51rev1
Topic: Cybersecurity
Published: 2/25/2011
Authors: David Anthony Waltermire, Karen Scarfone
Abstract: This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). Draft SP 800-51 Revision 1 gives an introduction to both naming schemes an ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=907934



Search NIST-wide:


(Search abstract and keywords)


Last Name:
First Name:







Special Publications:

Looking for a NIST Special Publication (NIST SP Series)? Place the series number and dash in the report number field (Example: 800-) and begin your search.

  • SP 250-XX: Calibration Services
  • SP 260-XX: Standard Reference Materials
  • SP 300-XX: Precision Measurement and Calibration
  • SP 400-XX: Semiconductor Measurement Technology
  • SP 480-XX: Law Enforcement Technology
  • SP 500-XX: Computer Systems Technology
  • SP 700-XX: Industrial Measurement Series
  • SP 800-XX: Computer Security Series
  • SP 823-XX: Integrated Services Digital Network Series