No matter the size of the organization or maturity of the program, the core functions of an effective cyber program are to Identify, Protect, Detect, Respond, and Recover.    

The Security and Privacy Controls for Information Systems and Organizations (Draft NIST SP-800-53 R5) presents the next generation of controls that are required to secure all types of computing platforms. The public comment period is now closed, but you can see a preview here: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft

Longer passwords are better. Did you know that the current best practice guidance from NIST has removed the requirement to enforce password C0mpl3xity! Arbitrary expiration deadlines are also out. A password should change if you suspect that it has been compromised. Learn more about Digital Identity Guidelines from NIST: https://pages.nist.gov/800-63-3/sp800-63b.html

Where should you start when trying to mitigate the risks of IOT devices deployed on your network? NIST has defined the set of technical device capabilities needed to support common cybersecurity controls that protect the customer’s devices, data, systems, and ecosystems. Learn more from NIST at https://csrc.nist.gov/publications/detail/nistir/8259a/final

The manufacturers of IOT devices have a responsibility to consider the cybersecurity needs of the consumer. Ensuring the securability of a device must be a priority at every phase of product development. Theses are cybersecurity activities we expect. Learn more from NIST at https://www.nist.gov/publications/foundational-cybersecurity-activities-iot-device-manufacturers

Information security is defined as the protection of information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. Learn more from NIST at https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final