NIST CSF – Part 4 – Respond

Today we continue down the National Institute of Standards and Technology Cyber Security Framework (NIST CSF).  In our earlier blog posts, we learned how to identify our assets and then we did our best to protect them. Then since nothing is 100% secure, we detected...
The Accidental Insider Threat – A clear and present risk

Media images depict the unknown ‘hooded’ bad actor in the dark room with many computer screens, and we often forget about one of the biggest risks organizations face – the insider. The insider can be broken into two categories, 1) the accidental insider who is duped...
Do we need a new standard for network testing and security?

This question was posed by a Forbes Technology Council member who points out that with the increase in devices connected to networks, cybersecurity has become part of every C-level, staff member and third-party vendor’s role to help manage risk of data...
Cybersecurity 2019 – Detection Over Prevention

As the number of attack vectors increases, making it easier for cyber criminals to find ways around the controls, it is more important than ever to have a proactive and layered approach to cybersecurity. However, organizations of all sizes need to face an...
New NIST Requirements Increase Cyber Security Controls

A new supplement to the National Institute of Standards and Technology (NIST) 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” is on the way.  The proposed supplement 800-171B adds 35 new requirements that go alongside...
NIST CSF – Part 3 – Detect

The NIST Cyber Security Framework (NIST CSF) is the result of a February 2013 Executive Order titled “Improving Critical Infrastructure Cybersecurity” and 10 months of collaborative discussions with more than 3,000 security professionals. It comprises a risk-based...