The National Institute of Standards and Technology (NIST) published a final version of updated standards for systems security engineering (SSE) with significant content and design changes, including a renewed emphasis on the importance of systems engi…
Tag: NIST
Security Bloggers, Security Vendor News
NIST SP 800-161r1: What You Need to Know
by Tripwire Guest Authors •
Modern goods and services rely on a supply chain ecosystem, which is an interconnected network of manufacturers, software developers, and other service providers. This ecosystem provides cost savings, interoperability, quick innovation, product feature …
Europe, Global Security News, North America
NIST Updates Guidance for Supply Chain Security Management
by Nathan Eddy •
The National Institute of Standards and Technology (NIST) has updated its cybersecurity supply chain risk management (C-SCRM) guidance in an effort to help organizations protect themselves as they acquire and use technology products and services. The …
Global Security News, North America
NIST updates guidance for cybersecurity supply chain risk management
by Zeljka Zorz •
The National Institute of Standards and Technology (NIST) has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain. “[Cybersecurity Supply Chain Risk Management Pr…
Europe, Global Security News, North America
NIST CSF and CIS V8 | Apptega
by Cyber Insights Team •
How to choose the right cybersecurity framework for your organization
As a growing number of organizations are affected by cybercrimes across a range of industries, it may never be more imperative for your organization to adopt cybersecurity best…
Security Bloggers, Security Vendor News
How to Use NIST’s Cybersecurity Framework to Protect against Integrity-Themed Threats
by David Bisson •
With the CIA Triad, confidentiality commands much of the attention. Organizations fret over the unauthorized disclosure of their data, so they try to reduce the risks of that type of an incident. In so doing, however, enterprises commonly overlook the …
Security Vendor News
Enhancing the Security of Software Development Environments
by Amelia Albanese •
Two sets of guidance were released by NIST: the Secure Software Development Framework (SSDF) and the companion Software Supply Chain Security Guidance.
The post Enhancing the Security of Software Development Environments appeared first on Palo Alto Networks Blog.
Security Bloggers, Security Vendor News
Your Guide to the NIST Cybersecurity Framework
by Tripwire Guest Authors •
To put the impact of cybercrime into perspective, let’s examine some important, and startling, numbers: Data breach costs increased from $3.86 million to $4.24 million in 2021. Every 39 seconds, there is an attack. About 90% of healthcare organizations…
Security Vendor News
Choosing Which Federal Guidelines to Follow for Zero Trust
by Amelia Albanese •
Federal agencies are feeling increased pressure to adopt appropriate federal guidelines for Zero Trust and accelerate their Zero Trust architecture.
The post Choosing Which Federal Guidelines to Follow for Zero Trust appeared first on Palo Alto Networks Blog.
Security Vendor News
The Federal Zero Trust Strategy
by Sean Morgan •
The Federal Zero Trust Strategy details a series of specific actions all U.S. federal agencies must take to advance adopting a Zero Trust approach.
The post The Federal Zero Trust Strategy appeared first on Palo Alto Networks Blog.
Global IT News
Researchers help organizations understand how available security capabilities can be used to defend against threats
by Howard Solomon •
The Center for Threat Informed Defence issues its first report, listing 13 projects for cybersecurity teams to leverage.
The post Researchers help organizations understand how available security capabilities can be used to defend against threats first appeared on IT World Canada.
Europe, Global Security News, North America
NIST 800-172 to Strengthen CUI Protection Controls | Apptega
by Cyber Insights Team •
Understanding if SP 800-172 Applies to Your Organization and What It May Mean
As the threat landscape continues to evolve and attackers expose millions upon millions of records through successful breaches, many compliance and regulatory organizat…
Europe, Global Security News, North America, Vulnerabilities
More than 40 billion records exposed in 2021
by Pravin Madhani, CEO and Co-Founder •
Security Brief Asia is reporting on new research showing more than 40 billion records were exposed by data breaches in 2021. According to the research from Tenable’s Security Response Teams, they found a considerable increase in breach incidents, with …
Europe, Global Security News, North America
Afraid and Confused by CMMC Bingo? | Apptega
by Jeff Stutzman - Trusted Internet •
My Background
ISO, RMF, CMMC, CMMC 2.0, DFAR, NIST 800-171, PCI, HIPAA, CMS, CCPA, GDPR. Dang! It makes me want to jump up screaming, “BINGO!” Or, as the old ladies used to scream when I was stationed in Maine some years ago, “BEANO!” All these y…
Europe, Global Security News, North America, Vulnerabilities
93% of Tested Networks Vulnerable to Breach
by Pravin Madhani, CEO and Co-Founder •
Nearly every organization can be infiltrated by cyber attackers, based on data from dozens of penetration tests and security assessments. The vast majority of businesses can be compromised within a month by a motivated attacker using common techniques,…
Security Vendor News
Alert: Apache Log4j Vulnerability Could Impact a Third of All Web Servers: Enables Mirai, Muhstik Botnets and Other Malware
by Danielle •
Last week security researchers discovered a vulnerability in the Apache Log4j logging utility code, written in the Java language. This utility is widely used in a variety of consumer and enterprise services, websites, and applications—as well as in ope…
Security Bloggers
Episode 231: Solving the US’s Endemic Cybersecurity Worker Shortage
by Paul Roberts •
Rodney Petersen, the director of the National Initiative for Cybersecurity Education (NICE), talks about the massive shortage of information security workers in the United States – estimated at more than 400,000 workers.
The post Episode 231: Solving th…
Security Bloggers, Security Vendor News
Survey Says! We agree on what a SOC does!
by Bob Hansmann •
Once recognized solely for their security training and certifications, the SANS Institute is starting to outshine many long-term industry analyst firms in their security market research. And I give them 5 gold stars for their latest survey-based report; “A SANS 2021 Survey: Security Operations Center (SOC)”. The survey takes advantage of SANS’ global alumni of […]
The post Survey Says! We agree on what a SOC does! appeared first on Infoblox Blog.
Europe, Global Security News, North America
Cyber Security Predictions for 2022
by Pravin Madhani, CEO and Co-Founder •
As we approach the end of 2021, we’d like to present our predictions for 2022 for the application security community. It would be easy to just predict that cyber attacks will continue to increase, that we’ll find more vulnerabilities in production cod…
Europe, Global Security News, North America
Shadow Code is a Major Risk for Web Applications
by Pravin Madhani, CEO and Co-Founder •
A new report written by Osterman Research notes that most websites use third-party libraries to simplify common functions, but these same libraries often have application security risks. Organizations also typically lack visibility into third party co…
Global Security News, North America
Fugue helps cloud teams to prepare for and meet the AWS Well-Architected Framework
by Industry News •
Fugue announced support for automatically checking Amazon Web Services (AWS) cloud environments and infrastructure as code (IaC) for adherence to the AWS Well-Architected Framework. AWS customers can significantly reduce the time and engineering resour…
Global Security News, North America
Security standards should be strengthened outside the federal government too
by Help Net Security •
Tripwire announced the results of a research report that evaluated actions taken by the federal government to improve cybersecurity in 2021. Conducted by Dimensional Research, the survey evaluated the opinions of 306 security professionals, including 1…
Global Security News, North America
Titania Nipper NIST 800-171 module protects controlled and sensitive government information
by Industry News •
Titania launched a new dedicated module to assess NIST 800-171 compliance for core network devices. The module, an add-on to Titania’s Nipper product, allows any organization that works with U.S. government agencies and handles controlled unclassified …
North America
A New Cybersecurity Executive Order Puts the Heat on Critical Infrastructure Suppliers
by Abby Ross •
Ransomware. Five years ago, the cybersecurity community knew that term well, although among others it was far from dinner table conversation. Times have changed. Since early 2020, ransomware has hit a slew of headlines. People inside and outside of the security industry are talking about it, and many have experienced the ransomware pain firsthand. The […]
The post A New Cybersecurity Executive Order Puts the Heat on Critical Infrastructure Suppliers appeared first on Security Intelligence.
Europe, Global Security News, North America
Can you Become Ransomware-Proof?
by John Bruggeman •
Wouldn’t it be great if you had enough confidence in your information security program that if a criminal gang attacked you, you would be able to defend yourself, keep your business going and notify the appropriate legal authorities and any vendor par…
Global Security News, North America
Fugue IaC platform empowers cloud teams to eliminate security gaps
by Industry News •
Fugue announced Fugue IaC, a unified platform for securing infrastructure as code (IaC) and cloud runtime environments using a single set of policies. Powered by a Unified Policy Engine, Fugue IaC saves cloud teams significant time and ensures consiste…
Europe, Global Security News, North America
NIST: Atoms can Help Secure Supply Chain
by Christopher Burgess •
Last week, the National Institute of Standards and Technology (NIST) revealed a prototype that used atoms to authenticate an item before it left a factory floor. The methodology is called “doping” and involves the insertion of ‘foreign’ at…
Europe, Global Security News, North America
NIST SP800-53 Revision 5, One Year Later
by Pravin Madhani, CEO and Co-Founder •
It will be one year since NIST released their final version of SP800-53 Revision 5 on September 23, 2020. As a quick reminder SP800-53 is the document issued by NIST that specifies the Security and Privacy Controls that need to be used by agencies of …
North America
What Biden’s Cybersecurity Executive Order Means for Supply Chain Attacks
by George Platsis •
With cybersecurity guidelines coming down from the executive branch, industry and policymakers clearly both see the extent of the cyberattack problem. Take a look at the contents of the Biden administration’s May executive order and what it means for people working in the industry, especially in regards to supply chain attacks. The executive order covers […]
The post What Biden’s Cybersecurity Executive Order Means for Supply Chain Attacks appeared first on Security Intelligence.