This is an original post by Roisin Coleman of Alpine Security.
Without Cybersecurity Maturity Model Certificate (CMMC) compliance, a contractor will be barred from all future Department of Defense (DoD) contracts. The CMMC officially launched in January 2020, building upon the DFARS and NIST 800-171 standards with additional requirements for vendors working with the DoD. Understanding CMMC and how it differs from DFARS and NIST 800-171 is crucial to the current and future success of government contractors.
This is an original post by Christian Espinosa, CEO/Founder of Alpine Security.
An original article from Alpine Security.
Introduction
Many organizations ask us to perform an internal penetration test against their internal environment (inside the firewall). They may have heard that this is a good thing to do or think it is required for compliance. The reality is that very few organizations are mature enough to need an internal penetration test. An internal vulnerability assessment usually provides a better ROI. This post explains the main differences between an internal network penetration test and an internal vulnerability assessment. The intent of the article is to help you make an informed decision on which is best for you.
Every organization has some level of risk that can impact the organization. Regardless of whether you have a formal quality management system or must meet regimented regulations, leadership, as well as additional stakeholders, have a particularly vested interest in identifying and planning for all potential risks to an organization. The National Institute of Standards and Technology (NIST) has created a guide for conducting risk assessments. Regardless of the technology, the establishment of a standard approach is key.
IT / OT Infrastructure, Digital Information and IoT devices
With the spread of COVID-19, new challenges and opportunities will arise for keeping your business safe from cybersecurity threats. As the government and businesses work on mitigating the impact of the ongoing outbreak, social distancing measures are leading to an increase in remote working across all sectors. The immediate challenge is “how can I protect my digital assets from a cyber-attack?” Some key vulnerabilities to a cyberattack are Information Technology / Operational Technology (IT / OT) infrastructure, digital information and Internet of Things (IoT) devices.
As the world weathers the COVID-19 virus pandemic, we are faced with posturing for such and protecting / helping ourselves, family, friends, co-workers and members of our greater communities; but a procrastination of sorts -- coupled with a distrust / disbelief that this will impact me (downplaying the magnitude of such) and not knowing what we don’t know, exponentially raises the risk of infection and serious health consequences coming to bear.
This is an original NIST Cybersecurity Insights blog post, written by Jeff Greene.
Your employer has unexpectedly directed you to telework—and you are feeling overwhelmed. With many changes happening at once, telework security could be an afterthought or completely overlooked. This could put you and your organization at increased risk from attackers, who are always looking for opportunities to take advantage of disruption generally and weak security practices specifically. But it’s more than your organization at risk—if your telework device is compromised, anything else connected to your home network could be at risk too.
This is an original NIST Cybersecurity Insights blog post, written by Jeff Greene.
Conference calls and web meetings—virtual meetings—are a constant of modern work. And while many of us have become security-conscious in our online interactions, virtual meeting security is often an afterthought, at most. Who hasn’t been finishing one call when attendees of the next call start joining – because the access code is the same? In the moment it may be annoying, or even humorous, but imagine if you were discussing sensitive corporate (or personal) information. Unfortunately, if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop. Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively – and not the genesis of a data breach or other embarrassing and costly security or privacy incident.
This is an original article from NIST Manufacturing Innovation Blog.
Cybersecurity threats are a huge business risk for all companies. Small and medium-sized businesses (SMBs) — including manufacturers — are especially vulnerable to attacks. Small and medium-sized manufacturers (SMMs) are often seen as an easy entry point — a “soft” target — into larger businesses and government agencies. One of the first steps when prioritizing how to manage your business risk is to gather information about the threat environment. The 20 important (and shocking) cybersecurity statistics listed below focus on what manufacturers need to know about the “what” and “so what” of cybersecurity, so they can start planning their “now what” actions.
