Cyber Wednesday Info Byte #19

Did you know that scientists are currently studying the factors that make users click on a phishing email? Our friends at NIST have developed the Phish Scale by studying the behavior of 5000 users to identify cues that help someone spot a malicious email. The fewer cues there are, the more effective the phish is. “As organizations continue to invest …

Cyber Wednesday Info Byte #18

The NIST Cyber Security Framework provides a framework for managing cybersecurity risk by applying industry best practices, but it is not one-size-fits-all. The framework must be tailored to the specific mission-critical goals of each organization. NIST IR 8183 R1 “Manufacturing Profile” is a road map for manufacturers to apply the framework. “The Manufacturing Profile is meant to enhance but not …

Cyber Wednesday Info Byte #17

As your organization develops defensive cyber security capabilities it may become necessary to hire additional employees or outsource tasks to a trusted partner. The Workforce Framework for Cybersecurity (NICE Framework), NIST Special Publication 800-181, provides a lexicon of security Knowledge, Skills, and Abilities (KSAs) that these cybersecurity roles require. “Cybersecurity is a rapidly changing and expanding field. This expansion requires …

Cyber Wednesday Info Byte #16

Cybersecurity Risk Management (CSRM) can and should be integrated into your existing Enterprise Risk Management (ERM) framework. NIST recently published NISTIR 8286 as a guide to help enterprises of any maturity level input cybersecurity risk data into the decision-making process. “Cybersecurity risk measurement has been extensively researched for decades. As measurement techniques have evolved, the complexity of digital assets …

Cyber Wednesday Info Byte #15

It’s #CybersecurityAwarenessMonth! With many employees still working from home, it’s more important than ever to make sure that you are staying safe both in your personal online activities and your professional endeavors. The folks at the National Cybersecurity Center of Excellence (NCCoE) have put together an excellent list of cyber security basics for telework. “Don’t panic. There are some simple …

Cyber Wednesday Info Byte #14

Cyber criminals continue to profit from ransomware. The Cybersecurity & Infrastructure Security Agency has released a comprehensive guide of best practices to avoid becoming the next victim of an attack. These best practices are your first defense against this threat. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen …

Cyber Wednesday Info Byte #13

The National Institute of Standards and Technology has released a major update to Security and Privacy Controls for Information Systems and Organizations SP 800-53. The first major update in seven years, revision 5 includes a new Supply Chain Risk Management (SCRM) control family (SR). SP 800-53 continues to be a cornerstone tome of effective cybersecurity policy and practice. This publication …

Cyber Wednesday Info Byte #12

Every day our personal information and metadata are flowing through an increasingly complex data processing ecosystem. Organizations and consumers alike have a need to understand the potential privacy risks associated with the technological solutions they choose. The Privacy Framework provides a common language for understanding, managing, and communicating privacy risk with internal and external stakeholders. It is adaptable to any …

Cyber Wednesday Info Byte #11

Media sanitization policies are a critical component of information security. As technology changes, organizations must review policy and process to ensure that it is still effective. Solid state drives require extra attention. “Degaussing, a fundamental way to sanitize magnetic media, no longer applies in most cases for flash memory-based devices. Evolutionary changes in magnetic media will also have potential impacts …

Cyber Wednesday Info Byte #10

Consider the privacy risks that home smart devices might introduce to your remote workforce. A robust security awareness program will have a positive impact on employees even when they are off the clock. The security and privacy of smart home devices can be contingent on the security of the home network. There were a few advanced users that mentioned more …