Cyber Wednesday Info Byte #24

Physical security is one of the core pillars of cybersecurity. Assessment of physical security is beneficial to every organization, no matter the maturity level. Our friends at the Cybersecurity and Infrastructure Security Agency (CISA) have designed a self-assessment tool for securing Houses of Worship, which are often the targets of violence and terrorism. “In this security guide, CISA analyzed ten …

Cyber Wednesday Info Byte #23

The relationship between your organization and customers is built on trust. Your customers trust that you will protect their privacy. Protecting privacy requires more than just practicing good cybersecurity; it requires a privacy program. The NIST Privacy Framework is a tool that you can use to create or improve a privacy program. Learn more: https://www.nist.gov/system/files/documents/2021/01/13/Getting-Started-NIST-Privacy-Framework-Guide.pdf

Cyber Wednesday Info Byte #22

Even a zero trust architecture (ZTA) can still be compromised by an attacker with stolen credentials. Multi-Factor Authentication (MFA) can reduce the impact of stolen credentials by requiring the attacker to provide a second form of authentication, such as a one-time password from a phone or hardware token. Security awareness training, MFA, and thoughtful policy add depth to your defense. …

Cyber Wednesday Info Byte #21

The Risk Management Framework for Information Systems and Organizations promotes near real-time risk management through implementation of continuous monitoring processes. It provides senior leaders and executives with the necessary information to make cost-effective risk management decisions about the systems supporting their missions and business functions. “As we push computers to “the edge,” building a complex world of interconnected information systems …

Cyber Wednesday Info Byte #20

Security Awareness training is one of the most effective ways of reducing risk in accordance with your organization’s overall risk management strategy. Current, relevant, and captivating content will spark the water cooler conversations that improve the security of your team, both in the office and off the clock. “Awareness techniques include displaying posters, offering supplies inscribed with security and privacy …

Cyber Wednesday Info Byte #19

Did you know that scientists are currently studying the factors that make users click on a phishing email? Our friends at NIST have developed the Phish Scale by studying the behavior of 5000 users to identify cues that help someone spot a malicious email. The fewer cues there are, the more effective the phish is. “As organizations continue to invest …

Cyber Wednesday Info Byte #18

The NIST Cyber Security Framework provides a framework for managing cybersecurity risk through applying industry best practices, but it is not one-size-fits-all. The framework must be tailored to the specific mission-critical goals of each organization. NIST IR 8183 R1 “Manufacturing Profile” is a road map for manufacturers to apply the framework. “The Manufacturing Profile is meant to enhance but not …

Cyber Wednesday Info Byte #17

As your organization develops defensive cyber security capabilities, it may become necessary to hire additional employees or outsource tasks to a trusted partner. The Workforce Framework for Cybersecurity (NICE Framework), NIST Special Publication 800-181, provides a lexicon of security Knowledge, Skills, and Abilities (KSAs) that these cybersecurity roles require. “Cybersecurity is a rapidly changing and expanding field. This expansion requires …

Cyber Wednesday Info Byte #16

Cybersecurity Risk Management (CSRM) can and should be integrated into your existing Enterprise Risk Management (ERM) framework. NIST recently published NISTIR 8286 as a guide to help enterprises of any maturity level input cybersecurity risk data into the decision-making process. “Cybersecurity risk measurement has been extensively researched for decades. As measurement techniques have evolved, the complexity of digital assets …

Cyber Wednesday Info Byte #15

It’s #CybersecurityAwarenessMonth! With many employees still working from home, it’s more important than ever to make sure that you are staying safe both in your personal online activities and your professional endeavors. The folks at the National Cybersecurity Center of Excellence (NCCoE) have put together an excellent list of cyber security basics for telework. “Don’t panic. There are some simple …