New NIST Requirements Increase Cyber Security Controls

A new supplement to the National Institute of Standards and Technology (NIST) 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” is on the way.  The proposed supplement 800-171B adds 35 new requirements that go alongside...
Poorly Written Ransomware Still Infects Unpatched Systems

WannaCry malware hit the news in 2017 when reports of the damaging attack spread through more than 150 countries.  The National Health Service in the UK and FedEx were two of the worst-hit organizations, but countless others, including small businesses, schools, and...
4 common cyber issues that spawned a $60 million class-action lawsuit

A class action suit is in progress after an estimated 200,000 people had personal data exposed by a hacked server at Casino Rama in Ontario.  The breach was made public back in November 2016 when the hacker was able to obtain credentials, access at least two of the...
Auditing and logging for HIPAA

Auditing and logging are an important part of the HIPAA Security Rule, but the rule contains no specifics on this requirement. According to HIPAA Security Rule – 164.312(b): “Implement hardware, software, and/or procedural mechanisms that record and examine...
5 core functions of effective cybersecurity – #1 Identify

Since the National Institute of Standards and Technology Cyber Security Framework (NIST CSF) was established, it has become the framework of choice for organizations to align with to establish “best practice”, and is the foundation for most US cyber...