Relationship between a policy, standard, guideline, and procedure

May 16, 2009

After a recent conversation explaining the relationship between a standard and a guideline, I thought I'd post this diagram, which clearly shows that relationship as well as how both relate to policies and procedures.


Source: CISA Certified Information Systems Auditor Study Guide

Cold boot attacks on disk encryption

In the “featured videos” section of my blog, you’ll notice a new video discussing cold boot attacks. The premise behind cold boot attacks is that they can be used to extract data from a system even when that system uses disk encryption. While a machine is running, screen-locked or sleeping, the disk-encryption software keeps its keys in RAM, and DRAM does not lose its contents the instant power is removed: the stored bits fade over a period of seconds to minutes (data remanence). An attacker with physical access can therefore cut the power, quickly boot a minimal OS or move the memory modules into another machine, dump the contents of RAM and search the dump for the key. Cooling the modules, for example with an inverted can of compressed air, slows the decay and extends that window considerably. The practical lesson is that a lock screen is not a substitute for powering off: a machine left locked or in sleep mode still has its keys in memory, whereas one that is fully shut down (or hibernated to an encrypted disk) and requires a passphrase or token at boot leaves nothing in RAM to recover.
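To make the “search the dump for the key” step concrete, here is an added example that is not code from the original post or the video. Disk-encryption software normally keeps the expanded AES key schedule in RAM, and that schedule is highly redundant (every round key is derived from the one before it), so a scanner can slide a 16-byte window over a memory image, expand each candidate as an AES-128 key, and accept it when the expansion matches the following 160 bytes to within a few flipped bits. The memory image below is constructed: pseudo-random filler (fixed seed) with the schedule of the FIPS-197 sample key planted at an assumed offset of 5000, then a handful of set bits in the expanded part cleared to imitate cells that have decayed to their ground state. The offset, image size and decay positions are assumptions chosen for the demonstration.

```python
"""Locate AES-128 key schedules in a (constructed) memory image.

Added example for this post, not code from the video or the original
page. Disk-encryption software keeps the expanded AES key schedule in
RAM; each round key is derived from the previous one, so the schedule
can be recognised in a dump even after some bits have decayed.
"""
import random


def _gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        hi = a & 0x80
        a = (a << 1) & 0xFF
        if hi:
            a ^= 0x1B
        b >>= 1
    return p


def _build_sbox():
    """Compute the AES S-box: multiplicative inverse, then the affine map."""
    sbox = [0x63] * 256
    for x in range(1, 256):
        inv = next(y for y in range(1, 256) if _gmul(x, y) == 1)
        s = inv
        for _ in range(4):                      # s = inv ^ rotl(inv,1..4)
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()


def expand_key_128(key, rounds=10):
    """FIPS-197 key expansion; returns 16*(rounds+1) bytes of round keys."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 4 * (rounds + 1)):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord then SubWord
            t[0] ^= rcon
            rcon = _gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(sum(w, []))


def hamming(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def find_aes128_schedules(image, max_bit_errors=0):
    """Return (offset, key, bit_errors) for each 16-byte window whose AES-128
    expansion matches the 160 bytes that follow it, tolerating up to
    max_bit_errors flipped bits in those 160 bytes (simulated decay)."""
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = image[off:off + 16]
        # Cheap pre-filter: expand one round and compare before doing all ten.
        first = expand_key_128(cand, rounds=1)[16:]
        if hamming(first, image[off + 16:off + 32]) > max_bit_errors:
            continue
        errs = hamming(expand_key_128(cand)[16:], image[off + 16:off + 176])
        if errs <= max_bit_errors:
            hits.append((off, cand, errs))
    return hits


def build_decayed_image(key, offset=5000, size=16384, decay_bits=(), seed=1):
    """Constructed sample image (assumed layout): seeded random filler with the
    key schedule planted at `offset`; the given bit positions (relative to the
    start of the schedule) are cleared to imitate DRAM cells that decayed to 0."""
    rng = random.Random(seed)
    image = bytearray(rng.getrandbits(8) for _ in range(size))
    sched = bytearray(expand_key_128(key))
    for bit in decay_bits:
        sched[bit // 8] &= ~(1 << (bit % 8)) & 0xFF
    image[offset:offset + 176] = sched
    return bytes(image)


def demo():
    """Plant the FIPS-197 sample key, decay six bits of the expanded schedule,
    and compare an exact scan with a decay-tolerant one."""
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    sched = expand_key_128(key)
    # Choose six set bits inside the expanded part (bytes 16..175) to clear,
    # leaving the 16 key bytes themselves intact.
    ones = [i for i in range(128, 176 * 8) if (sched[i // 8] >> (i % 8)) & 1]
    decay = ones[::len(ones) // 6][:6]
    image = build_decayed_image(key, decay_bits=decay)
    return {
        "planted_at": 5000,
        "exact": find_aes128_schedules(image),
        "tolerant": find_aes128_schedules(image, max_bit_errors=8),
    }


if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

The exact scan finds nothing once a single bit has decayed, while the tolerant scan still recovers the key and reports how many bits were wrong. The scanner only tolerates errors in the expanded round keys; if the 16 key bytes themselves have decayed, recovering them means working backwards from the redundancy in the later round keys, which this example does not attempt.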

Check out the video; it's pretty insightful!


I’ve provided the video below…

