News

Cybersecurity Awareness Month Week 1 : Be Cyber Smart The threat of ransomware is clear and present. Our friends at NIST have released a short animated video to illustrate how ransomware attacks happen and the impact it can have on small businesses. Remember that applying patches, verifying that you have good backups, using strong passwords and multifactor authentication is a …

October is Cybersecurity Awareness Month! Now in its 18th year, Cybersecurity Awareness Month is a broad effort to help all Americans stay safer and more secure online. The theme this year is s “Do Your Part. #BeCyberSmart.” Week of October 4 (Week 1): Be Cyber Smart Applying patches, verifying that you have good backups, using strong passwords and multifactor authentication …

Cybersecurity is still in it’s infancy as an academic discipline. The Cybersecurity and Infrastructure Security Agency (CISA) developed the Cybersecurity Workforce Training Guide as a resource to help professionals and organizations understand the Work Roles, Tasks, and Knowledge, Skills, and Abilities (KSAs) of the various, and highly divergent, specialties of this field. This guide is a tool you can use …

In 2014 NIST was tasked with creating a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” for critical infrastructure to help identify, assess, and manage cyber risks. The NIST Cybersecurity Framework (CF) revolves around 5 key functions. Identify, Protect, Detect, Respond, Recover. “Organizations will continue to have unique risks – different threats, different vulnerabilities, different risk tolerances. They also will vary …

Cyber Resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems. Our friends at NIST have a released a draft of “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach”. This document focuses on cyber resiliency engineering, an emerging specialty systems engineering discipline. “Numerous reports of cyber incidents and cyber breaches …

The May 12th Executive Order on Improving the Nation’s Cybersecurity directed our friends at NIST to publish guidelines on vendors’ source code testing. As a result NIST recently published Guidelines on Minimum Standards for Developer Verification of Software. An excellent resource for organizations that develop software in-house, it is also useful for organizations that want to practice due care when …

On July 15th the US government released a new website that is the result of an inter-agency “whole-of-government” effort to curb the rise of ransomware cases. This new website is a “one stop shop” for preventing, detecting, reporting, and recovering from ransomware. StopRansomware.gov is an excellent resource for all organizations. “CISA is developing a catalog of Bad Practices that are …

Our friends at MITRE have developed a new cybersecurity framework! The D3FEND framework is intended to improve the security of DoD systems by offering a catalog of defensive countermeasures against common attack techniques. Funded by the National Security Agency, this framework is a defensive counterpart to the ATT&CK framework. “Kill-chain oriented and derived threat models have proved popular and effective. …

Recent events involving the scraping of personal information from social media sites such as the Facebook Leak and LinkedIn Leak should give us all pause to re-evaluate what we consider to be private information. Once data points such as cellphone number, personal email address, and birthday are collected and released in public data sets there is no way to make …