NIST Released the following Draft Special Publications (SP) Your Comments are Welcome

NIST Released the following Draft Special Publications (SP):

(1) Draft Special Publication (SP) 800-175B, Guideline for Using
Cryptographic Standards in the Federal Government: Cryptographic Mechanisms

(2) Draft SP 800-46 Revision 2, Guide to Enterprise Telework, Remote
Access, and Bring Your Own Device (BYOD) Security

(3) Draft SP 800-114 Revision 1, User’s Guide to Telework and Bring Your
Own Device (BYOD) Security

(4) Draft SP 800-154, Guide to Data-Centric System Threat Modeling, and

(5) PRE-DRAFT SP 800-53 (Revision 5), Security and Privacy Controls for
Federal Information Systems and Organizations

All 4 of these Draft and 1 PRE-Draft SPs are
available for public comment and can be found on the NIST CSRC website. 
See below for further details on these 5 draft documents.

 1. Draft SP 800-175B:
Information and links to Draft SP 800-175B can be found on the NIST CSRC Draft
publications page. Below is the link to this Draft:
http://csrc.nist.gov/publications/PubsDrafts.html#800-175B

Deadline to submit comments: Friday, April 29, 2016

Email comments or questions about this draft document to: [email protected]

2. Draft SP 800-46 Revision 2
Information and links to Draft SP 800-46 Revision 2 can be found on the
NIST CSRC Draft publications page. There is also a comment template available
to use to submit comments. Below is the link to this Draft: 
http://csrc.nist.gov/publications/PubsDrafts.html#800-46r2

Deadline to submit comments: April 15, 2016

Email comments or questions about this draft document to: [email protected]

NIST Public Affairs Office issued a press release about this draft and also for Draft SP 800-114 Revision 1:
http://www.nist.gov/itl/csd/attackers-honing-in-on-teleworkers-how-organizations-can-secure-their-datata.cfm

3. Draft SP 800-114 Revision 1
Information and links to Draft SP 800-114 Revision 1 can be found on the
NIST CSRC Draft publications page. There is also a comment template available
to use to submit comments. Below is the link to this Draft: 
http://csrc.nist.gov/publications/PubsDrafts.html#800-114r1

Deadline to submit comments: April 15, 2016

Email comments or questions about this draft document to: [email protected]

4. Draft SP 800-154
Information and links to Draft SP 800-154 can be found on the NIST CSRC Draft
publications page. There is also a comment template available to use to submit
comments. Below is the link to this Draft: 
http://csrc.nist.gov/publications/PubsDrafts.html#800-154

Deadline to submit comments: April 15, 2016

Email comments or questions about this draft document to: [email protected]

5. (PRE-DRAFT) NIST SP 800-53 Revision 5

Full details can be found on the CSRC website:
http://csrc.nist.gov/groups/SMA/fisma/sp800-53r5_pre-draft.html

Please respond by April 1st 2016 to the call for comments to: [email protected]

Important Note: There is no actual document for Revision 5 as yet. To submit your comments / suggestions, you will need to refer to and reference from SP 800-53 Revision 4 to formulate your feedback to potentially help improve this document to a Revision 5. Click the 1st link above to this Pre-Draft to learn all the details on this exercise.

Free Cyber Security & Ethical Hacking Training Course

I found this on LinkedIn and thought this might be of interest to others.
 
The exponential growth in cybercrime has created an emergency situation, and the infosec community has also realized that we don’t have enough workforce to work and counter the increasing hacking attacks. People from every corner of the world have started to learn the cyber security principles and ethical hacking techniques.

The free cyber security and ethical hacking training is the course that teaches the principles of penetration testing, attacking methodologies and techniques. The aim of this course is to prepare beginners to conduct penetration testing. This is an ideal course for beginners to learn the practice and be ready to learn some advanced techniques in the future.
This course goes from basic to advanced, where you will get a chance to learn:
  • Information gathering
  • Scanning enumeration & footprinting
  • Open source intelligence gathering
  • Utilizing open source tools to find the information
  • System hacking
  • Proxy server and chaining
  • Keyloggers, Trojan and other viruses
  • Network sniffing and session hijacking
  • SQL Injection and cross site scripting
  • Buffer overflow and exploit writing
  • Reverse engineering
  • Cryptography
  • And more…
To learn more go here

Free Ebook on Windows 10 for IT Pro

 
 
Introducing Windows 10 for IT Professionals, Technical Overview
Get information that will help you get more out of your evaluation of Windows 10. This free e-book will walk you through the enterprise-focused features that are different from the Windows versions you and your organization are using today so that you can start planning for deployment.

Great Resource on Windows 10 Device Guard and Credential Guard Demystified

While helping Windows Enterprise customers deploy and realize the benefits of Windows 10, I’ve observed there’s still a lot of confusion regarding the security features of the operating system. This is a shame since some of the key benefits of Windows 10 involve these deep security features. This post serves to detail the Device Guard and Credential Guard feature sets, and their relationship to each other.
 
First, let’s set the foundation by thinking about the purpose of each feature:
 
Device Guard is a group of key features, designed to harden a computer system against malware. Its focus is preventing malicious code from running by ensuring only known good code can run.
 
Credential Guard is a specific feature that is not part of Device Guard that aims to isolate and harden key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector.
 
The two are different, but complementary, as they offer different protections against different types of threats. Let’s dive in and take a logical approach to understanding each.
It’s worth noting here that these are enterprise features, and as such are included only in the Windows Enterprise client.
 
The rest of the article can be found here.
 
 

IRS Alerts Payroll and HR Professionals to Phishing Scheme Involving W-2s

WASHINGTON - The Internal Revenue Service today issued an alert to payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees.

The IRS has learned this scheme, part of the surge in phishing emails seen this year, already has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives.

“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”

IRS Criminal Investigation already is reviewing several cases in which people have been tricked into sharing SSNs with what turned out to be cybercriminals. Criminals using personal information stolen elsewhere seek to monetize data, including by filing fraudulent tax returns for refunds.

This phishing variation is known as a “spoofing” email. It will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office employee and requests a list of employees and information including SSNs.

The following are some of the details contained in the e-mails:

  • Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

 
The IRS recently renewed a wider consumer alert for
e-mail schemes after seeing an approximate 400 percent surge in phishing and
malware incidents so far this tax season and other reports of scams targeting
others in a wider tax community.

 The emails are designed to trick taxpayers into thinking
these are official communications from the IRS or others in the tax industry,
including tax software companies. The phishing schemes can ask taxpayers about
a wide range of topics. E-mails can seek information related to refunds, filing
status, confirming personal information, ordering transcripts and verifying PIN
information.

Go here for more information.

FYI, this is a repost that I believe is of interest to readers of my blog.

Microsoft Virtual Academy Courses for IT Pros

Microsoft has Microsoft Virtual Academy (MVA) that has lots of good content for you … Here are some IT Pros classes that are all free.

Using PowerShell for Active Directory

IT Pros, if you want to automate redundant tasks correctly, watch this course and discover how to turn your real-time management and automation scripts into useful reusable tools and cmdlets. Learn to use PowerShell to better create, query, update, delete, and manage your Active Directory. Our expert instructors show you what you need to know about how PowerShell works, and how to put it to work for you!


Enterprise Mobility Suite: Beyond “Bring Your Own Device”

In this course, you’ll learn the basics of Advanced Threat Analytics (ATA), including what it does and how it works. You’ll also get an in-depth look at the supporting services and infrastructure to further implement, manage, and protect your technology assets through on-premises and user-owned technologies and devices. Take what you’ve learned about Enterprise Mobility Suite (EMS) and “Bring Your Own Device” (BYOD) to the next level in this demo-rich training course!


Azure Active Directory Core Skills Jump Start

If you’re constantly resetting customer passwords, this course could solve the problem! Microsoft Corporate Vice President Brad Anderson and Microsoft Technical Evangelist Simon May dive into enterprise mobility, BYOD, and Identity and Access Management (IAM). Don’t miss this in-depth exploration of Azure Active Directory.


Windows 10: Top Features for Consumers

Watch this course for hands-on Windows 10 training for consumers and IT Pros! You’ll get an in-depth look with popular author and technology journalist Ed Bott and Microsoft Worldwide Retail Sales & Marketing Director Ben Rudolph. Explore Windows Hello and the Start menu, along with Cortana, OneDrive, mail, and photos, get practical tips for using Windows 10, and learn about Microsoft Edge.

Getting Started with Azure Security for the IT Professional

Does a cloud solution meet your bar for security? If you’re looking at the cloud, you probably have a lot of questions about available solutions, including whether it meets industry standards, attestations, and ISO certifications. Get the information and the confidence you need, from the pros who know, as they demystify security in the cloud. Watch here.

Hybrid IT Management Part 1: Insights, Visibility, and Security Analytics

Watch this course to get deep insights and visibility into your infrastructure, and learn to help protect your IT environment. Microsoft experts show you how to make the most of powerful, robust security and threat analytics capabilities as you modernize your datacenter, in this first in a multi-part series on hybrid IT management.

Deep Dive into Azure Resource Manager Scenarios and Patterns

IT Professionals and Architects, if you’ve got an Azure application with a lot of components or if you’re setting up an Azure deployment, watch this course. An international team of experts shows you how to use Azure Resource Manager (ARM) to manage your Resource Groups and to easily spin up or spin down elements of your application infrastructure.

Microsoft Intune and System Center Configuration Manager Core Skills

Are you continuously balancing flexibility and security, as you enable mobility? We can help! Watch this course as Microsoft Director of Program Management Michael Wallent, Microsoft Technical Evangelist Simon May, and Microsoft engineers teach you how to enable BYOD by deploying a mobile device management (MDM) solution.

A Deep Dive into Nano Server

How does Nano Server fit into the software-defined datacenter? Watch here to get the details, in this fact-filled exploration of Nano Server, led by a team of experts. Learn how to build, deploy, and manage Nano Server to increase speed and agility, tighten security, decrease resource consumption, and boost ROI in the integrated datacenter and into the cloud.


Security in a Cloud-Enabled World

How secure is your data in the cloud? Watch here to find out, with Microsoft Chief Security Advisor Tim Rains and Microsoft Solutions Architect Mark Simos, as they walk you through the customer responsibility roadmap in the Microsoft Cloud Security for Enterprise Architects poster. Whether you’re securing IT assets in a public cloud or a hybrid implementation, if you’re concerned about the increase in cybersecurity threats, don’t miss this opportunity to learn from the same framework that the Microsoft cybersecurity team uses.

Azure Active Directory Core Skills Jump Start

Watch this course as Microsoft Corporate Vice President Brad Anderson and Microsoft Technical Evangelist Simon May help you prepare your environment for mobility with Windows 10, including Identity and Access Management (IAM) in Azure AD, single sign-on, user self-service management, multifactor authentication, and more!

 
Security in the Enterprise
In this course, experts Simon May and Erdal Ozkaya take you through
social media platforms to discover how they really work. Get tips and practical advice on social
networking security, and explore methods of developing a secure baseline and how to harden your
Windows Enterprise architectures and applications from pass-the-hash and other advanced attacks.
Learn how to help improve your organization’s security with Microsoft operating systems and tools.




 

Microsoft Virtual Academy Courses for Azure users

Microsoft has Microsoft Virtual Academy (MVA) that has lots of good content for you … Here are some Azure classes that are all free.


Azure Active Directory Core Skills Jump Start

If you’re constantly resetting customer passwords, this course could solve the problem! Microsoft Corporate Vice President Brad Anderson and Microsoft Technical Evangelist Simon May dive into enterprise mobility, BYOD, and Identity and Access Management (IAM). Don’t miss this in-depth exploration of Azure Active Directory.

Getting Started with Azure Security for the IT Professional

Does a cloud solution meet your bar for security? If you’re looking at the cloud, you probably have a lot of questions about available solutions, including whether it meets industry standards, attestations, and ISO certifications. Get the information and the confidence you need, from the pros who know, as they demystify security in the cloud. Watch here.

Hybrid IT Management Part 1: Insights, Visibility, and Security Analytics

Watch this course to get deep insights and visibility into your infrastructure, and learn to help protect your IT environment. Microsoft experts show you how to make the most of powerful, robust security and threat analytics capabilities as you modernize your datacenter, in this first in a multi-part series on hybrid IT management.

Deep Dive into Azure Resource Manager Scenarios and Patterns

IT Professionals and Architects, if you’ve got an Azure application with a lot of components or if you’re setting up an Azure deployment, watch this course. An international team of experts shows you how to use Azure Resource Manager (ARM) to manage your Resource Groups and to easily spin up or spin down elements of your application infrastructure.

Azure Active Directory Core Skills Jump Start

Watch this course as Microsoft Corporate Vice President Brad Anderson and Microsoft Technical Evangelist Simon May help you prepare your environment for mobility with Windows 10, including Identity and Access Management (IAM) in Azure AD, single sign-on, user self-service management, multifactor authentication, and more!

 
Using XML in SQL Server and Azure SQL Database

View this course to learn about XML, a commonly used data format often used to store and communicate data structures used by applications. Our instructors show you how SQL Server and Azure SQL Database provide built-in support for XML that enables application developers to combine relational and XML data structures at the database level.

 



 

Microsoft Virtual Academy Courses for Developers

 
Microsoft has Microsoft Virtual Academy (MVA) that has lots of good content for you … Here are some developer classes that are all free.

 
Windows 10 Development for Absolute Beginners
Interested in developing for Windows 10? If you’re just getting started, join the always-popular Bob Tabor, as he steps you through dozens of modules. Plus, see lots of demos, take interesting challenges, and even play games, including the Album Cover Match Game, all while building your Windows 10 dev knowledge. Watch now!

 
Developing for Windows 10
Want to develop for Windows 10? Check out these courses! If you’re just getting started, join the always-popular Bob Tabor, as he steps you through dozens of modules of Windows 10 goodness. If you have experience developing apps for Windows 8.1 and want to try your hand at Windows 10, there are plenty of options for you, from explorations of the Universal Windows Platform, Live Tiles, and Inking, to data binding, speech recognition, and Cortana.

 

Querying with Transact-SQL
Watch this course to learn to think in T-SQL – and prepare for much of Exam 70-461: Querying Microsoft SQL Server 2012. In this series of self-paced modules – including lectures, demos, hands-on labs, and self-assessments – our expert instructors will teach you to build a solid Transact-SQL foundation and show you how to use Transact-SQL to retrieve, insert, update, and delete data in a database.
 

Using XML in SQL Server and Azure SQL Database    
View this course to learn about XML, a commonly used data format often used to store and communicate data structures used by applications. Our instructors show you how SQL Server and Azure SQL Database provide built-in support for XML that enables application developers to combine relational and XML data structures at the database level.

 

JavaScript for Experienced Developers

C#, C++, or Java Developers interested in adding JavaScript to your toolbox, watch this course led by the entertaining and informative Christopher Harrison. Learn how to create an object, classes, and inheritance. And look into advanced topics, like managing asynchronous operations. Plus, explore cool add-ins to enhance your apps. A must-watch!

 

Hybrid IT Management Part 1: Insights, Visibility, and Security Analytics

Watch this course to get deep insights and visibility into your infrastructure, and learn to help protect your IT environment. Microsoft experts show you how to make the most of powerful, robust security and threat analytics capabilities as you modernize your datacenter, in this first in a multi-part series on hybrid IT management.

 

 

 

 

 

 
 

Free ebook: Deploying Windows 10: Automating deployment by using System Center Configuration Manager

 
 
Microsoft has a new eBook for you. Deploying Windows 10: Automating deployment by using System Center Configuration Manager.
 
Get a head start deploying Windows 10—with tips and best practices from experts in the field. This guide shows you how to deploy Windows 10 in an automated way without impacting end users by leveraging System Center Configuration Manager, which is the most used product to deploy Microsoft operating systems in the industry today.
 
Here’s what the book contains:
Chapter 1 provides highlights of what’s new in Windows 10 and why you should implement it.
 
Chapter 2 familiarizes you with the Windows 10 deployment options as well as with some tips about which deployment methods to use when planning to upgrade to Windows 10.
 
Chapter 3 examines the Operating System Deployment (OSD) concepts to prepare you for deployment when using System Center Configuration Manager.
 
Chapter 4 is intended to be a walk-through—a tour of how to deploy Windows 10 using System Center Configuration Manager and its details.
 
You can download the book Here
 

Microsoft New Booster Pack

 
Microsoft today announced a new offering called the Booster Pack. It consists of three options designed to give customers choices based on their preferences. The offer is good March 7 to August 31, 2016.
 
Options include:
 
A. Practice test + An MCP exam voucher
       The practice test is accessible online and valid for 30 days from activation.
       1 Microsoft Exam Voucher
 
B. An MCP exam voucher + 4 exam retakes
     With 4 retakes you’ll get plenty of chances at success.
 
C. Practice test + An MCP exam voucher + 4 exam retakes
     With a practice test you can spend quality time preparing.
     Plus 4 exam retakes give you exam-day peace of mind.
 
No matter which option you choose, the odds are in your favor. Visit the Microsoft special offers page to learn more and purchase your own Booster Pack today!
 

 


**Microsoft exam retake policies apply. See the FAQ and complete terms and conditions for the offer.