NIST engineering guide update provides advice for securing legacy IT systems
The National Institute of Standards and Technology canonical Systems Security Engineering guide SP 800-160 provides a catalog of systems and procedures that developers can use to build secure IT networks from the ground up. The guide’s second volume, published Wednesday, shows developers how to use those procedures to shore up the security of older legacy IT systems in order to limit the access hackers have if they do manage to break in. Ron Ross, NIST fellow and the one of the agency’s cybersecurity experts, told CyberScoop it’s a needed corrective. “We’ve been too focused on penetration resistance, hardening the systems, trying to keep the bad guys out,” he said, “The problem is, with the incredibly complex IT systems we have today, there will always be an [effectively] unlimited supply of vulnerabilities that we can’t know about.” Nation-state hackers are sophisticated and persistent, Ross said: “The empirical data shows that you […]
The post NIST engineering guide update provides advice for securing legacy IT systems appeared first on Cyberscoop.
Continue reading NIST engineering guide update provides advice for securing legacy IT systems