Appendix 1 - Resources

  1. Axis Communications: Hardening Guide (http://www.axis.com/files/sales/axis_hardening_guide_1488265_en_1510.pdf)
  2. Bosch Security Systems: Bosch IP Video and Data Security Guidebook (https://resource.boschsecurity.com/documents/Data_Security_Guideb_Special_enUS_9007221590612491.pdf)
  3. British Standard BS EN 62676-1-1: Video surveillance systems for use in security applications, Part 1-1: System requirements – General (http://shop.bsigroup.com/browse-by-subject/security/electronic-security-systems/cctvstandards/)

    Describes the minimum requirements for a video surveillance system. See also related standards.

  4. Center for Internet Security: The CIS Critical Security Controls for Effective Cyber Defense (https://www.cisecurity.org/critical-controls.cfm)
  5. Cloud Security Alliance (CSA) (https://cloudsecurityalliance.org/) and the Cloud Controls Matrix (https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3-0-1/)
  6. Defense Information Systems Agency (DISA): Security Technical Implementation Guides (STIGs) (https://public.cyber.mil/stigs/)
  7. Internet Engineering Task Force (IETF) (https://www.ietf.org/), multiple references
  8. ISO/IEC 15048 Information technology - Security techniques - Evaluation criteria for IT security (http://www.iso.org/iso/catalogue_detail.htm?csnumber=50341)
  9. ISO/IEC 31000, Risk management – Principles and guidelines (http://www.iso.org/iso/home/standards/iso31000.htm)
  10. ISO/IEC 31010, Risk management – Risk assessment techniques (http://www.iso.org/iso/catalogue_detail?csnumber=51073)
  11. ISO 27001: A standard and framework for managing threats in an information security management system (ISMS) (http://www.iso.org/iso/iso27001)
  12. ISO 27002: Information technology — Security techniques — Code of practice for information security controls (https://www.iso.org/obp/ui/#iso:std:iso-iec:27002:ed-2:v1:en)
  13. Microsoft Security Update Guide (https://technet.microsoft.com/en-us/security/dn550891.aspx)

    See also Automating security configuration tasks (https://technet.microsoft.com/en-us/library/bb490776.aspx), among others.

  14. National Institute of Standards and Technology: Computer Security Division Computer Security Resource Center (http://csrc.nist.gov/)
  15. National Institute of Standards and Technology: Cybersecurity Framework (http://www.nist.gov/cyberframework/)
  16. Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy (https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final)
  17. National Institute of Standards and Technology: Managing Information Security Risk (http://csrc.nist.gov/publications/nistpubs/800-39/sp800-39-final.pdf)
  18. National Institute of Standards and Technology: Security and Privacy Controls for Federal Information Systems and Organizations, SP 800-53 Revision 4 (http://dx.doi.org/10.6028/nist.sp.800-53r4) and Pre-Draft Revision 5 (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5-draft.pdf)
  19. NIST SP 800-100 Information Security Handbook: A Guide for Managers (http://csrc.nist.gov/publications/nistpubs/800-100/sp800-100-mar07-2007.pdf)
  20. NIST SP 800-124 Guidelines for Managing the Security of Mobile Devices in the Enterprise (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-124r1.pdf)
  21. SANS Institute website (https://sans.org) and the SANS Critical Security Controls (https://www.sans.org/critical-security-controls/)
  22. Milestone XProtect VMS – Advanced Security Management