Written by Robert Barnes, Administrative Assistant with the NIST MEP Extension Services Division.
Data Breach Notification Laws: How to Manufacture a Confident Response
Posted by IMEC on May 25, 2021 4:32:32 PM
Critical Security Controls: An Introduction
Posted by IMEC on Oct 5, 2020 3:57:57 PM
What is the Difference Between CMMC, DFARS, and NIST 800-171?
Posted by IMEC on Sep 15, 2020 11:47:13 AM
This is an original post by Roisin Coleman of Alpine Security.
Without Cybersecurity Maturity Model Certification (CMMC) compliance, a contractor will be barred from all future Department of Defense (DoD) contracts. The CMMC officially launched in January 2020, building upon the DFARS and NIST 800-171 standards with additional requirements for vendors working with the DoD. Understanding CMMC and how it differs from DFARS and NIST 800-171 is crucial to the current and future success of government contractors.
Cybersecurity Common Sense is Not Always Common Practice
Posted by IMEC on Sep 14, 2020 2:12:03 PM
This is an original post by Christian Espinosa, CEO/Founder of Alpine Security.
Internal Penetration Test vs Vulnerability Assessment: Which is Right for You?
Posted by IMEC on Aug 31, 2020 1:40:04 PM
An original article from Alpine Security.
Introduction
Many organizations ask us to perform an internal penetration test against their internal environment (inside the firewall). They may have heard that this is a good thing to do or think it is required for compliance. The reality is that very few organizations are mature enough to need an internal penetration test. An internal vulnerability assessment usually provides a better ROI. This post explains the main differences between an internal network penetration test and an internal vulnerability assessment. The intent of the article is to help you make an informed decision on which is best for you.
Mitigating Risk in Virtual World
Posted by Ken Wunderlich on Mar 26, 2020 8:39:40 AM
Every organization has some level of risk that can impact the organization. Regardless of whether you have a formal quality management system or must meet regimented regulations, leadership, as well as additional stakeholders, have a particularly vested interest in identifying and planning for all potential risks to an organization. The National Institute of Standards and Technology (NIST) has created a guide for conducting risk assessments. Regardless of the technology, the establishment of a standard approach is key.
Mitigating Cybersecurity Risks During a Crisis
Posted by Hanoz Umrigar on Mar 25, 2020 9:11:17 AM
IT / OT Infrastructure, Digital Information and IoT devices
With the spread of COVID-19, new challenges and opportunities will arise for keeping your business safe from cybersecurity threats. As the government and businesses work on mitigating the impact of the ongoing outbreak, social distancing measures are leading to an increase in remote working across all sectors. The immediate challenge is “how can I protect my digital assets from a cyber-attack?” Some key vulnerabilities to a cyberattack are Information Technology / Operational Technology (IT / OT) infrastructure, digital information and Internet of Things (IoT) devices.
Pandemic in Cyberspace – Are You Prepared?
Posted by Jim Floyd on Mar 24, 2020 9:03:59 AM
As the world weathers the COVID-19 virus pandemic, we are faced with posturing for it and with protecting and helping ourselves, family, friends, co-workers and members of our greater communities. But a procrastination of sorts, coupled with a distrust or disbelief that this will impact me (downplaying its magnitude) and not knowing what we don’t know, exponentially raises the risk of infection and of serious health consequences coming to bear.
Telework Security Basics
Posted by IMEC on Mar 20, 2020 12:15:57 PM
This is an original NIST Cybersecurity Insights blog post, written by Jeff Greene.
Your employer has unexpectedly directed you to telework—and you are feeling overwhelmed. With many changes happening at once, telework security could be an afterthought or completely overlooked. This could put you and your organization at increased risk from attackers, who are always looking for opportunities to take advantage of disruption generally and weak security practices specifically. But it’s more than your organization at risk—if your telework device is compromised, anything else connected to your home network could be at risk too.
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings
Posted by IMEC on Mar 19, 2020 1:29:06 PM
This is an original NIST Cybersecurity Insights blog post, written by Jeff Greene.
Conference calls and web meetings—virtual meetings—are a constant of modern work. And while many of us have become security-conscious in our online interactions, virtual meeting security is often an afterthought, at most. Who hasn’t been finishing one call when attendees of the next call start joining – because the access code is the same? In the moment it may be annoying, or even humorous, but imagine if you were discussing sensitive corporate (or personal) information. Unfortunately, if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop. Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively – and not the genesis of a data breach or other embarrassing and costly security or privacy incident.