Text Size:   A+ A- A   •   Text Only
Enterprise Security Office

Publications and Resources
ISO 27001, 27002, 27005, 31000 IAM Forum
Security Trends Government Industry Resources
Security Tips Newsletter
ESO Presentations, Resources
H1N1 Workforce Reduction
Malware
ISO 27001, 27002, 27005, 31000
The state of Oregon, Department of Administrative Services has a Network Site License Agreement with ANSI for dissemination of an electronic version of the International Standards ISO/IEC 27001:2005; 27002:2005; 27005:2001; and 31000:2009. The intent of the site license is to provide access to these standards within Oregon state government.
 
These standards are available to Oregon state employees by accessing the state of Oregon intranet at https://intranet.egov.oregon.gov/sites/DAS/EISPD/ESO/ISO.jsp.
 
ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
 
ISO/IEC 27002:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 27002:2005 contains best practices of control objectives and controls.
 
ISO/IEC 27005:2011 provides guidelines for information security risk management.  It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.
 
ISO 31000:2009 provides principles and generic guidelines on risk management. It can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.
 
Security Trends
      2011
October
September 
August
June
May
April
March
February
 
      2010
May 
 
       2009
December 
November 
October
September
August 
July 
June 
May 
April 
March
February
January 
2008
December 
November 
October
September
August
July
June
May
April
March
February
January
2007
November
October
September
August
July
 
Security Tips Newsletter
2012
Emerging Trends and Threats for 2012 - January (pdf)
 
2011
Staying Safe on Social Networking Sites - December (pdf)
Tips for Secure Shopping Online During the Holiday Season - November (pdf)
Cyber Security and You: Top 10 Tips - October (pdf)
Disaster Preparedness for Personal Information Assets - September (pdf)
Phishing Alerts - August (pdf) 
Cyber Crime: How it happens and how you can protect yourself - July (pdf) 
Securing Mobile Devices - June (pdf) 
Cyber Bullying - May (pdf)
Information about the recent Epsilon Breach - April (pdf)
Safeguarding Your Personal Data - March (pdf)
Cyber Ethics - February (pdf)
Cyber Secuirty Emerging Trends and Threats for 2011 - January (pdf) 

 
2010
Increase in JAVA Exploits - December (pdf) 
Online Holiday Shopping Security Tips - November (pdf) 
Why Cyber Security is Important - October (pdf)
Detecting and Avoiding Fake Anti-Virus Software - September (pdf) 
Protecting Children Online - August (pdf) 
Protecting Data in Copiers and Printers - July (pdf) 
Home PC Maintence for Windows OS - June (pdf) 
Identity Theft - May (pdf) 
Cloud Computing - April (pdf) 
Security and Privacy on Social Networking Sites - March (pdf) 
Backing Up Your Files - February (pdf) 
Cyber Security Trends for 2010 - January (pdf) 
 
2009
Automatic Software Updates and Patching - December (pdf) 
Online Holiday Shopping Tips - November (pdf) 
Top Ten Cyber Security Tips - October (pdf)
Cyber Ethics - September (pdf) 
Cookies - August (pdf) 
What is Cybercrime? - July (pdf)
All This Functionality in One Device! - June (pdf) 
Rogue (Fake) Anti-Virus Software: How to Spot It & Avoid It! - May (pdf) 
Security of Credit Card Transactions - April (pdf)
Social Networking Sites: How to Stay Safe - March (pdf) 
Cyber Security Trends for 2009 - February (pdf) 
Challenge or Secret Questions - January (pdf)
2008
Pop Ups - December (pdf) 
Internet Shopping - How to Enhance Your Security Online - November (pdf) 
Phishing - How to avoid getting hooked! - October (pdf)
Personal Privacy - September (pdf)
Firewalls - August (pdf)
Web Browser Attacks - July (pdf)
Data Breach - June (pdf)
Using Encryption to Protect Data - May (pdf)
Social Engineering -- Are You at Risk? - April (pdf)
Annual Maintenance For Computers - March (pdf)
Securing a Wireless Network - February (pdf)
Securing Your Laptop - January (pdf)
 
2007
Online Shopping - December (pdf)
Phishing - November (pdf)
Protecting Your Child Online - October (pdf)
What You Need to Know About Botnets - September (pdf)
Internet Hoaxes and Urban Legends - August (pdf)
Telecommuting Security Risks - July (pdf)
Recognizing and Avoiding Spyware - June (pdf)
Unintentional Information Disclosure - May (pdf)
Security Concerns: Peer To Peer (P2P) File Sharing - April (pdf)
Safeguarding Your Data - March (pdf)
Protecting Portable Devices - February (pdf)
Dealing with Cyberbullies - January (pdf)
 
2006
Preventing and Responding to Identity Theft - December (pdf)
Safe Online Shopping - November (pdf)
Home Computer Security Tips - October (pdf)
Staying Safe on Social Networking Sites - September (pdf)
Erasing Information and Disposal of Media - August (pdf)
How Anonymous Are You? - July (pdf)
Why Cyber Security is Important - June (pdf)
 
 
Want to customize this newsletter for your own distribution?
Contact Cinnamon Albin, Enterprise Security Office at (503) 373-1496.
ESO Presentations, Resources
Presentations

Acceptable Use information forum
3/31/2008
 [PowerPoint
Controlling Portable and Removable Devices forum
4/21/2008
 [PowerPoint
Encryption
5/20/2008
 [PowerPoint
Information Asset Classification information forum
1/30/2008
 [PowerPoint]
Security of Personal and Financial Data
4/8/2008
 [pdf]
Security Plans
6/23/2008
 [PowerPoint]
Software Security and Procurement
3/10/2009
 [PowerPoint]
Transporting Information Assets information forum
8/24/2007
 [PowerPoint]
User Awareness information forum
2/29/2008
 [PowerPoint]
 
 

Resources
 
Link to a Multi-State ISAC document regarding unauthorized wire transfers and compromised cyber networks:
 
http://www.msisac.org/documents/Wire-transfer-fraud-recommendations-2010.pdf
 

Whitepapers

Common Application Security Vulnerabilities
4/8/2008
 [pdf]
Printer Security Advisory
2/13/2009
 [pdf]
Secure Application Development Resources
 5/1/2008
 [pdf]

Guidelines and Templates

Information Asset Classification methodology
10/24/2007
 [Word]
Oregon Consumer ID Theft Protection Act Safeguard Best Practices checklist
10/9/2007
 [pdf]
Oregon Consumer ID Theft Protection Act Notification Best Practices checklist
10/9/2007
 [pdf]

H1N1 Workforce Reduction
Reference materials from the H1N1 Workforce Reduction Forum:
H1N1 Workforce Reduction PowerPoint (ppt) 
DHS Workplace Brochure (pdf) 
 
Agency Pandemic Influenza Planning Checklist (doc)
 
Telecommuting Draft Policy - 092109 (pdf) 
 
Video from the H1N1 Workforce Reduction Forum (rmvb)
Malware
Malware Forum Page
IAM Forum
IAM Presentation November 9, 2010 (pptx)
Government Industry Resources
This Web site is a one-stop national resource to learn about the crime of identity theft. It provides detailed information to help you deter, detect, and defend against identity theft. While there are no guarantees about avoiding identity theft, there are steps you can take to minimize your risk and minimize the damage if a problem occurs.
 
OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.
U.S. Computer Emergency Readiness Team 
Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.

Page updated: January 26, 2012