View Post

Cyber Wednesday Info Byte #34

In 2014 NIST was tasked with creating a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” for critical infrastructure to help identify, assess, and manage cyber risks. The NIST Cybersecurity Framework (CF) revolves around 5 key functions. Identify, Protect, Detect, Respond, Recover. “Organizations will continue to have unique risks – different threats, different vulnerabilities, different risk tolerances. They also will vary …

View Post

Cyber Wednesday Info Byte #33

Cyber Resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems. Our friends at NIST have a released a draft of “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach”. This document focuses on cyber resiliency engineering, an emerging specialty systems engineering discipline. “Numerous reports of cyber incidents and cyber breaches …

View Post

Cyber Wednesday Info Byte #32

The May 12th Executive Order on Improving the Nation’s Cybersecurity directed our friends at NIST to publish guidelines on vendors’ source code testing. As a result NIST recently published Guidelines on Minimum Standards for Developer Verification of Software. An excellent resource for organizations that develop software in-house, it is also useful for organizations that want to practice due care when …

View Post

Cyber Wednesday Info Byte #31

On July 15th the US government released a new website that is the result of an inter-agency “whole-of-government” effort to curb the rise of ransomware cases. This new website is a “one stop shop” for preventing, detecting, reporting, and recovering from ransomware. StopRansomware.gov is an excellent resource for all organizations. “CISA is developing a catalog of Bad Practices that are …

View Post

Cyber Wednesday Info Byte #30

Our friends at MITRE have developed a new cybersecurity framework! The D3FEND framework is intended to improve the security of DoD systems by offering a catalog of defensive countermeasures against common attack techniques. Funded by the National Security Agency, this framework is a defensive counterpart to the ATT&CK framework. “Kill-chain oriented and derived threat models have proved popular and effective. …

View Post

Cyber Wednesday Info Byte #29

Recent events involving the scraping of personal information from social media sites such as the Facebook Leak and LinkedIn Leak should give us all pause to re-evaluate what we consider to be private information. Once data points such as cellphone number, personal email address, and birthday are collected and released in public data sets there is no way to make …

View Post

Cyber Wednesday Info Byte #28

Many of the recent high profile cybersecurity incidents have something in common: stolen credentials are used to gain remote access through a VPN solution that is not protected by multi-factor authentication. Mult-factor authentication prevents attackers with stolen credentials from gaining remote access by challenging the user to provide additional information such as biometric data or TOTP tokens. “The authentication factors …

View Post

Cloud (in)security: Avoiding common cloud misconfigurations featuring Unlimited Technology’s David Lathrop

Cloud migration is on nearly every technology company’s docket…and whether those plans were accelerated at the onset of the COVID-19 pandemic or accelerated now after being put on hold, the rush can result in misconfigurations that introduce security vulnerabilities. Learn about how a new, streamlined approach — from assessment, to network and endpoint security, to services and staffing — can …

View Post

Cyber Wednesday Info Byte #27

An information security program requires buy-in at the highest levels of the organization. The recent SOLARWINDS and HAFNIUM attacks are a stark reminder that the cyber threat landscape is quickly evolving, but resilient organizations with robust and unified strategies persevere. The Department of Homeland Security (DHS) has created a guide for leadership discussions about cybersecurity risk management. “Cybersecurity is NOT …