5 Ways to Increase Password Safety

You make password decisions every week. Maybe you create a new account, reset a password or respond to a password change prompt. And each time you make a seemingly small or insignificant mistake in regard to password safety, such as not creating strong enough passwords or using the same password on multiple accounts, you increase […]

The post 5 Ways to Increase Password Safety appeared first on Security Intelligence.


Security by Design and NIST 800-160, Part 4: Technical Processes From ‘Go’ to Disposal

Even if you are not an engineer, NIST 800-160 Volume 1 could help you in your work to understand security by design. It shows what you need to secure your information system. In the other blogs in this series, we’ve summarized the major points of the document. In the final installment, we’ll take a look at […]

The post Security by Design and NIST 800-160, Part 4: Technical Processes From ‘Go’ to Disposal appeared first on Security Intelligence.


Security by Design and NIST 800-160, Part 3: Technical Processes

Picking up where we left off on the security-by-design thinking offered by NIST 800-160 Volume 1, we move onward in Chapter 3, focusing on the technical management processes. Let’s look at some security design principles at the technical processes level. Technical Management Processes Chapter 3.3 shows us eight processes. Like we did in Part 2 […]

The post Security by Design and NIST 800-160, Part 3: Technical Processes appeared first on Security Intelligence.


Using FAIR and NIST CSF for Security Risk Management

Risk management and risk assessments go hand in hand, and most organizations have completed a security assessment based on maturity models at some point in their existence. However, more companies are realizing the need to complement maturity models with a risk-based approach for assessing their cybersecurity positions. One such risk-based approach is based on the […]

The post Using FAIR and NIST CSF for Security Risk Management appeared first on Security Intelligence.


Security by Design and NIST 800-160, Part 2: Life Cycle Processes

NIST 800-160 Volume 1 features many guidelines of interest to cybersecurity experts looking to boost their defenses through security by design. As we saw in the first post in this series, the key principles of this document provide a good footing for security. Next, let’s take a look at how the security design principles laid […]

The post Security by Design and NIST 800-160, Part 2: Life Cycle Processes appeared first on Security Intelligence.


Security by Design and NIST 800-160, Part 1: Managing Change

Building a house requires a blueprint. When it comes to building systems, National Institute of Standards and Technology’s (NIST) documents about security by design are some of the most reliable blueprints. As systems become more complex, they’re also more likely to be fragile. Meanwhile, we continue to add new devices, apps and tools into our […]

The post Security by Design and NIST 800-160, Part 1: Managing Change appeared first on Security Intelligence.


Space Cybersecurity: How Lessons Learned on Earth Apply in Orbit

The universe is getting smaller, and space cybersecurity is keeping up. On May 30, 2020, nearly a decade after the Space Shuttle program ended, people witnessed a first: a vehicle built as part of a public-private partnership (between SpaceX and NASA) took off into space. This development was transformational because it brought the world one […]

The post Space Cybersecurity: How Lessons Learned on Earth Apply in Orbit appeared first on Security Intelligence.


After years of work, Congress passes ‘internet of things’ cybersecurity bill — and it’s kind of a big deal

Congress last week did something that it rarely does: It passed a meaningful cybersecurity bill. The legislation is aimed at enhancing the safeguards of internet-connected devices — also known as the internet of things (IoT) — such as smart sensors that monitor water quality or control ships in waterway locks. The bill is also a major step toward the federal government encouraging vulnerability disclosure policies that implement programs for organizations to work with security researchers to fix software flaws. “It is arguably the most significant U.S. IoT-specific cybersecurity law to date, as well as the most significant law promoting coordinated vulnerability disclosure in the private sector to date,” said Harley Geiger, director of public policy at Rapid7, a cybersecurity company. All it took to get across the finish line was more than three years of bipartisan work, encroaching state and foreign government IoT rules, a ticking legislative clock, goodwill toward […]

The post After years of work, Congress passes ‘internet of things’ cybersecurity bill — and it’s kind of a big deal appeared first on CyberScoop.


4 Steps to Help You Plan a Cyber Resilience Roadmap

What is cyber resilience? According to IBM Security’s 2020 Cyber Resilient Organization Report, a cyber resilient organization is one that “more effectively prevents, detects, contains and responds to a myriad of serious threats against data, applications and IT infrastructure.” In a more colloquial sense, the “further along in the game” the organization is, the better positioned […]

The post 4 Steps to Help You Plan a Cyber Resilience Roadmap appeared first on Security Intelligence.


The Connection Between Cloud Service Providers and Cyber Resilience

Cloud service providers offer great performance and resilience, but ultimately it is up to individual organizations to determine whether these long-known advantages outweigh the possible downsides.

The post The Connection Between Cloud Service Providers and Cyber Resilience appeared first on Security Intelligence.
