News

The Risk Management Framework for Information Systems and Organizations promotes near real-time risk management through implementation of continuous monitoring processes. It provides senior leaders and executives with the necessary information to make cost-effective risk management decisions about the systems supporting their missions and business functions. “As we push computers to “the edge,” building a complex world of interconnected information systems …

Even a zero trust architecture (ZTA) can still be compromised by an attacker with stolen credentials. Multi-Factor Authentication (MFA) can reduce the impact of stolen credentials by requiring the attacker to provide a second form of authentication such as one time password from a phone or hardware token. Security awareness training, MFA, and thoughtful policy add depth to your defense. …

Security Awareness training is one of the most effective ways of reducing risk in accordance with your organization’s overall risk management strategy. Current, relevant, and captivating content will spark the water cooler conversations that improve the security of your team, both in the office and off the clock. “Awareness techniques include displaying posters, offering supplies inscribed with security and privacy …

Did you know that scientists are currently studying the factors that make users click on a phishing email? Our friends at NIST have developed the Phish Scale by studying the behavior of 5000 users to identify cues that help someone spot a malicious email. The fewer cues there are the more effective the phish is. “As organizations continue to invest …

The NIST Cyber Security Framework provides a framework for managing cybersecurity risk through applying industry best practices, but it is not one-size-fits-all. The framework must be tailored to specific mission critical goals of each organization. NIST IR 8183 R1 “Manufacturing Profile” is a road map for manufacturers to apply the framework. “The Manufacturing Profile is meant to enhance but not …

As your organization develops defensive cyber security capabilities it may become necessary to hire additional employees or outsource tasks to a trusted partner. The Workforce Framework for Cybersecurity (NICE Framework), NIST Special Publication 800-181, provides a lexicon of security Knowledge, Skills, and Abilities (KSAs) that these cybersecurity roles require. “Cybersecurity is a rapidly changing and expanding field. This expansion requires …

Cybersecurity Risk Management (CSRM) can and should be integrated into your existing Enterprise Risk Management (ERM) framework. NIST recently published NISTIR 8286 as a guide to help enterprises of any maturity level input cybersecurity risk data into the decision making process. “Cybersecurity risk measurement has been extensively researched for decades. As measurement techniques have evolved, the complexity of digital assets …

It’s #CybersecurityAwarenessMonth ! With many employees still working from home, it’s more important than ever to make sure that you are staying safe both in your personal online activities and your professional endeavors. The folks at National Cybersecurity Center of Excellence (NCCoE) have put together an excellent list of cyber security basics for telework. “Don’t panic. There are some simple …

Cyber criminals continue to profit from ransomware. The Cybersecurity & Infrastructure Security Agency has released a comprehensive guide of best practices to avoid becoming the next victim of an attack. These best practices are your first defense against this threat. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen …