Cyber criminals continue to profit from ransomware. The Cybersecurity & Infrastructure Security Agency has released a comprehensive guide of best practices to avoid becoming the next victim of an attack. These best practices are your first defense against this threat. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen …
Cyber Wednesday Info Byte #13
The National Institute of Standards and Technology has released a major update to Security and Privacy Controls for Information Systems and Organizations SP 800-53. The first major update in seven years, revision 5 includes a new Supply Chain Risk Management (SCRM) control family (SR). SP 800-53 continues to be a cornerstone tome of effective cybersecurity policy and practice. This publication …
Cyber Wednesday Info Byte #12
Every day our personal information and metadata are flowing through an increasingly complex data processing ecosystem. Organizations and consumers alike have a need to understand the potential privacy risks associated with the technological solutions they choose. The Privacy Framework provides a common language for understanding, managing, and communicating privacy risk with internal and external stakeholders. It is adaptable to any …
Cyber Wednesday Info Byte #11
Media sanitization policies are a critical component of information security. As technology changes, organizations must review policy and process to ensure that they are still effective. Solid state drives require extra attention. “Degaussing, a fundamental way to sanitize magnetic media, no longer applies in most cases for flash memory-based devices. Evolutionary changes in magnetic media will also have potential impacts …
Cyber Wednesday Info Byte #10
Consider the privacy risks that home smart devices might introduce to your remote workforce. A robust security awareness program will have a positive impact on employees even when they are off the clock. The security and privacy of smart home devices can be contingent on the security of the home network. There were a few advanced users that mentioned more …
Cyber Wednesday Info Byte #9
Get ahead of dangerous practices within your organization by instituting process and policy around the transfer of large files internally and externally. Eliminate Shadow IT! Learn more: https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2020-08.pdf Our offering: Unlimited Technology offers solutions for each of the functions of the NIST Cyber Security Framework. Our goal is to put you in command of your world by providing you with …
Cyber Wednesday Info Byte #8
Zero Trust is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. Learn more: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf
Cyber Wednesday Info Byte #7
The first step to detecting unauthorized access to a system is monitoring and logging of authorized access, a vital part of the Continuous Security Monitoring (DE.CM) process. Learn more: https://www.nist.gov/cyberframework/framework
Cyber Wednesday Info Byte #6
No matter the size of the organization or maturity of the program, the core functions of an effective cyber program are to Identify, Protect, Detect, Respond, and Recover. Our offering: Unlimited Technology offers solutions for each of the functions of the NIST Cyber Security Framework. Our vulnerability scanning solution is an excellent way of ensuring that “A vulnerability …
Cyber Wednesday Info Byte #5
The Security and Privacy Controls for Information Systems and Organizations (Draft NIST SP-800-53 R5) presents the next generation of controls that are required to secure all types of computing platforms. The public comment period is now closed, but you can see a preview here: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft Our offering: Unlimited Technology provides a Security Awareness package helping you satisfy AT-2 AWARENESS TRAINING …
Cyber Wednesday Info Byte #4
Longer passwords are better. Did you know that the current best practice guidance from NIST has removed the requirement to enforce password C0mpl3xity! Arbitrary expiration deadlines are also out. A password should change if you suspect that it has been compromised. Learn more about Digital Identity Guidelines from NIST: https://pages.nist.gov/800-63-3/sp800-63b.html Our offering: In addition to Security Training and Phishing Testing, …
Cyber Wednesday Info Byte #3
Where should you start when trying to mitigate the risks of IoT devices deployed on your network? NIST has defined the set of technical device capabilities needed to support common cybersecurity controls that protect the customer’s devices, data, systems, and ecosystems. Learn more from NIST at https://csrc.nist.gov/publications/detail/nistir/8259a/final Our offering: Penetration Testing – Beyond vulnerability analysis, we offer pentesting services to …