Cyber Wednesday Info Byte #11

Media sanitization policies are a critical component of information security. As technology changes, organizations must review policies and processes to ensure that they are still effective. Solid state drives require extra attention. “Degaussing, a fundamental way to sanitize magnetic media, no longer applies in most cases for flash memory-based devices. Evolutionary changes in magnetic media will also have potential impacts …

Cyber Wednesday Info Byte #10

Consider the privacy risks that home smart devices might introduce to your remote workforce. A robust security awareness program will have a positive impact on employees even when they are off the clock. The security and privacy of smart home devices can be contingent on the security of the home network. There were a few advanced users that mentioned more …

Cyber Wednesday Info Byte #9

Get ahead of dangerous practices within your organization by instituting process and policy around the transfer of large files internally and externally. Eliminate Shadow IT! Learn more: https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2020-08.pdf

Cyber Wednesday Info Byte #8

Zero Trust is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. Learn more: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf

Cyber Wednesday Info Byte #7

The first step to detecting unauthorized access to a system is monitoring and logging of authorized access, a vital part of the Continuous Security Monitoring (DE.CM) process. Learn more: https://www.nist.gov/cyberframework/framework

Cyber Wednesday Info Byte #6

No matter the size of the organization or maturity of the program, the core functions of an effective cyber program are to Identify, Protect, Detect, Respond, and Recover.

Cyber Wednesday Info Byte #5

The Security and Privacy Controls for Information Systems and Organizations (Draft NIST SP-800-53 R5) presents the next generation of controls that are required to secure all types of computing platforms. The public comment period is now closed, but you can see a preview here: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft

Cyber Wednesday Info Byte #4

Longer passwords are better. Did you know that the current best practice guidance from NIST has removed the requirement to enforce password C0mpl3xity! Arbitrary expiration deadlines are also out. A password should change if you suspect that it has been compromised. Learn more about Digital Identity Guidelines from NIST: https://pages.nist.gov/800-63-3/sp800-63b.html

Cyber Wednesday Info Byte #3

Where should you start when trying to mitigate the risks of IoT devices deployed on your network? NIST has defined the set of technical device capabilities needed to support common cybersecurity controls that protect the customer’s devices, data, systems, and ecosystems. Learn more from NIST at https://csrc.nist.gov/publications/detail/nistir/8259a/final

Cyber Wednesday Info Byte #2

The manufacturers of IoT devices have a responsibility to consider the cybersecurity needs of the consumer. Ensuring the securability of a device must be a priority at every phase of product development. These are cybersecurity activities we expect. Learn more from NIST at https://www.nist.gov/publications/foundational-cybersecurity-activities-iot-device-manufacturers