
Cyber Wednesday Info Byte #39

Imagine bad technology is junk food. Wouldn’t it be nice if you could pick a piece of technology off the shelf, flip it over to read the label, and see if it was good for you? Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” does just that! It tasks NIST with creating pilot programs for cybersecurity labeling of software that attests …


Cyber Wednesday Info Byte #38

The final week of #CybersecurityAwarenessMonth is about making security a priority. For your organization this means integrating cybersecurity into your process, policy, and purchasing decisions. For your employees this means awareness, training, and reporting of suspicious events. In your personal life this means taking to heart the good advice you hear at work about using strong passwords + multi-factor authentication, …


Cyber Wednesday Info Byte #37

Cybersecurity Awareness Month Week 1: Be Cyber Smart. The threat of ransomware is clear and present. Our friends at NIST have released a short animated video to illustrate how ransomware attacks happen and the impact they can have on small businesses. Remember that applying patches, verifying that you have good backups, using strong passwords and multifactor authentication is a …


Cyber Wednesday Info Byte #36

October is Cybersecurity Awareness Month! Now in its 18th year, Cybersecurity Awareness Month is a broad effort to help all Americans stay safer and more secure online. The theme this year is “Do Your Part. #BeCyberSmart.” Week of October 4 (Week 1): Be Cyber Smart. Applying patches, verifying that you have good backups, using strong passwords and multifactor authentication …


Cyber Wednesday Info Byte #35

Cybersecurity is still in its infancy as an academic discipline. The Cybersecurity and Infrastructure Security Agency (CISA) developed the Cybersecurity Workforce Training Guide as a resource to help professionals and organizations understand the Work Roles, Tasks, and Knowledge, Skills, and Abilities (KSAs) of the various, and highly divergent, specialties of this field. This guide is a tool you can use …


Cyber Wednesday Info Byte #34

In 2014 NIST was tasked with creating a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” for critical infrastructure to help identify, assess, and manage cyber risks. The NIST Cybersecurity Framework (CF) revolves around 5 key functions: Identify, Protect, Detect, Respond, Recover. “Organizations will continue to have unique risks – different threats, different vulnerabilities, different risk tolerances. They also will vary …


Cyber Wednesday Info Byte #33

Cyber Resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems. Our friends at NIST have released a draft of “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach”. This document focuses on cyber resiliency engineering, an emerging specialty systems engineering discipline. “Numerous reports of cyber incidents and cyber breaches …


Cyber Wednesday Info Byte #32

The May 12th Executive Order on Improving the Nation’s Cybersecurity directed our friends at NIST to publish guidelines on vendors’ source code testing. As a result, NIST recently published Guidelines on Minimum Standards for Developer Verification of Software. An excellent resource for organizations that develop software in-house, it is also useful for organizations that want to practice due care when …


Cyber Wednesday Info Byte #31

On July 15th the US government released a new website that is the result of an inter-agency “whole-of-government” effort to curb the rise of ransomware cases. This new website is a “one stop shop” for preventing, detecting, reporting, and recovering from ransomware. StopRansomware.gov is an excellent resource for all organizations. “CISA is developing a catalog of Bad Practices that are …