Cyber Wednesday Info Byte #42

NIST 800-53 tells us that the objectives of advanced persistent threats (APT) “typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future.” Under what circumstance might an APT …

Cyber Wednesday Info Byte #41

A critical security vulnerability in the Java library Log4j has been identified. This vulnerability is very easy to exploit and the number of systems that are vulnerable is massive. The Cybersecurity and Infrastructure Security Agency (CISA) has created a guidance page that will be frequently updated as new information is discovered. This vulnerability is being widely exploited and every organization …

Cyber Wednesday Info Byte #40

’Tis the season of online shopping! We are resetting forgotten passwords, using our credit cards online, and tracking packages, which means our risk of becoming the victim of cyber criminals is high. There are some things you can do to protect yourself online. According to the Cybersecurity & Infrastructure Agency (CISA), the four most important things you can do to …

Cyber Wednesday Info Byte #39

Imagine bad technology is junk food. Wouldn’t it be nice if you could pick a piece of technology off the shelf, flip it over to read the label, and see if it was good for you? Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” does just that! It tasks NIST with creating pilot programs for cybersecurity labeling of software that attests …

Cyber Wednesday Info Byte #38

The final week of #CybersecurityAwarenessMonth is about making security a priority. For your organization this means integrating cybersecurity into your process, policy, and purchasing decisions. For your employees this means awareness, training, and reporting of suspicious events. In your personal life this means taking to heart the good advice you hear at work about using strong passwords + multi-factor authentication, …

Cyber Wednesday Info Byte #37

Cybersecurity Awareness Month Week 1: Be Cyber Smart. The threat of ransomware is clear and present. Our friends at NIST have released a short animated video to illustrate how ransomware attacks happen and the impact they can have on small businesses. Remember that applying patches, verifying that you have good backups, using strong passwords and multifactor authentication is a …

Cyber Wednesday Info Byte #36

October is Cybersecurity Awareness Month! Now in its 18th year, Cybersecurity Awareness Month is a broad effort to help all Americans stay safer and more secure online. The theme this year is “Do Your Part. #BeCyberSmart.” Week of October 4 (Week 1): Be Cyber Smart. Applying patches, verifying that you have good backups, using strong passwords and multifactor authentication …

Cyber Wednesday Info Byte #35

Cybersecurity is still in its infancy as an academic discipline. The Cybersecurity and Infrastructure Security Agency (CISA) developed the Cybersecurity Workforce Training Guide as a resource to help professionals and organizations understand the Work Roles, Tasks, and Knowledge, Skills, and Abilities (KSAs) of the various, and highly divergent, specialties of this field. This guide is a tool you can use …

Cyber Wednesday Info Byte #34

In 2014 NIST was tasked with creating a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” for critical infrastructure to help identify, assess, and manage cyber risks. The NIST Cybersecurity Framework (CF) revolves around 5 key functions: Identify, Protect, Detect, Respond, Recover. “Organizations will continue to have unique risks – different threats, different vulnerabilities, different risk tolerances. They also will vary …

Cyber Wednesday Info Byte #33

Cyber Resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems. Our friends at NIST have released a draft of “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach”. This document focuses on cyber resiliency engineering, an emerging specialty systems engineering discipline. “Numerous reports of cyber incidents and cyber breaches …