News

Security Awareness training is one of the most effective ways of reducing risk in accordance with your organization’s overall risk management strategy. Current, relevant, and captivating content will spark the water cooler conversations that improve the security of your team, both in the office and off the clock. “Awareness techniques include displaying posters, offering supplies inscribed with security and privacy …

Did you know that scientists are currently studying the factors that make users click on a phishing email? Our friends at NIST have developed the Phish Scale by studying the behavior of 5000 users to identify cues that help someone spot a malicious email. The fewer cues there are the more effective the phish is. “As organizations continue to invest …

The NIST Cyber Security Framework provides a framework for managing cybersecurity risk through applying industry best practices, but it is not one-size-fits-all. The framework must be tailored to specific mission critical goals of each organization. NIST IR 8183 R1 “Manufacturing Profile” is a road map for manufacturers to apply the framework. “The Manufacturing Profile is meant to enhance but not …

As your organization develops defensive cyber security capabilities it may become necessary to hire additional employees or outsource tasks to a trusted partner. The Workforce Framework for Cybersecurity (NICE Framework), NIST Special Publication 800-181, provides a lexicon of security Knowledge, Skills, and Abilities (KSAs) that these cybersecurity roles require. “Cybersecurity is a rapidly changing and expanding field. This expansion requires …

Cybersecurity Risk Management (CSRM) can and should be integrated into your existing Enterprise Risk Management (ERM) framework. NIST recently published NISTIR 8286 as a guide to help enterprises of any maturity level input cybersecurity risk data into the decision making process. “Cybersecurity risk measurement has been extensively researched for decades. As measurement techniques have evolved, the complexity of digital assets …

It’s #CybersecurityAwarenessMonth ! With many employees still working from home, it’s more important than ever to make sure that you are staying safe both in your personal online activities and your professional endeavors. The folks at National Cybersecurity Center of Excellence (NCCoE) have put together an excellent list of cyber security basics for telework. “Don’t panic. There are some simple …

Cyber criminals continue to profit from ransomware. The Cybersecurity & Infrastructure Security Agency has released a comprehensive guide of best practices to avoid becoming the next victim of an attack. These best practices are your first defense against this threat. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen …

The National Institute of Standards and Technology has released a major update to Security and Privacy Controls for Information Systems and Organizations SP 800-53. The first major update in seven years, revision 5 includes a new Supply Chain Risk Management (SCRM) control family (SR). SP 800-53 continues to be a cornerstone tome of effective cybersecurity policy and practice. This publication …

Every day our personal information and metadata is flowing through an increasingly complex data processing ecosystem. Organizations and consumers alike have a need to understand the potential privacy risks associated with the technological solutions they choose. The Privacy Framework provides a common language for understanding, managing, and communicating privacy risk with internal and external stakeholders. It is adaptable to any …

Media sanitization policies are a critical component of information security. As technology changes, organizations must review policy and process to ensure that it is still effective. Solid state drives require extra attention. “Degaussing, a fundamental way to sanitize magnetic media, no longer applies in most cases for flash memory-based devices. Evolutionary changes in magnetic media will also have potential impacts …