May 26, 2013

NIST Offers Free Download of SP 800-53, Rev 4

Photo courtesy of www.livehacking.com

The National Institute of Standards and Technology (NIST) has now made available the final release of SP 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, the most comprehensive update to the security controls catalog since its inception in 2005. The update was motivated primarily by the changing threat landscape: the increased sophistication of cyber-attacks, the growing frequency of such attacks, the professionalism of the attackers, and the persistence of targeting by … [Read more...]

Online Privacy Rights Remain Under Attack and Unresolved Issues for Many in 2013


In a recent PC World article, Melissa Riofrio addressed online privacy for individuals in light of the growing threats to that privacy predicted for 2013. While different generations may debate what privacy means, the data any individual generates on the internet remains a rich trove of information that says more about you than you may realize, and it is a tempting target for marketers and law enforcement officials alike. This year, your online privacy faces … [Read more...]

NIST Updating SP 800-53 Information Security Guidance Document

Photo courtesy of dnssec-deployment.org

Many of our readers, especially those associated with government contracting, may not know that the National Institute of Standards and Technology (NIST) is now a step closer to publishing the fourth revision of one of its premier information security guides, Special Publication 800-53: Security and Privacy Controls for Federal Information Systems and Organizations. On Feb 5th 2013, NIST issued the final public draft of the guidance and is seeking public comments; NIST will then publish the final version of SP 800-53 Rev 4, expected sometime this month of … [Read more...]

Cyber Insurance, Data Privacy and Information Security 2013 Trends Report

Photo courtesy of watsec.com

An exclusive 2013 report funded and released by the Cyber Data Risk Managers group offers the opinions of top industry experts on what they think will, and should, happen in 2013 in data privacy, information security and cyber insurance, as well as what steps can be taken to mitigate the risks surrounding these potential cyber security threats. A short summary of the observations and trends reported: inadequate security measures on government and private sector networks, critical infrastructure and telecommunications represent perhaps the … [Read more...]

SP 800-53 Rev 4 Planned Release for April 2013


Special Publication 800-53: Security and Privacy Controls for Federal Information Systems and Organizations, one of the National Institute of Standards and Technology's (NIST) premier information security guides, is soon to be published in its fourth revision. Though the guidance is aimed at federal government IT systems, it is frequently followed by local, state and tribal governments as well as private-sector enterprises. Major changes planned for Revision 4 include new security controls and control enhancements addressing the advanced persistent threat, supply chain, … [Read more...]

Social Media Risk Management Becomes Focus of New FFIEC Guidance Draft Document

Photo courtesy of bankinfosecurity.com

The ever-growing challenge of social media risk management remains a topic of concern not only for financial institutions but also for the many organizations now using social media in a variety of ways: marketing, providing incentives, facilitating applications for new accounts, inviting feedback from the public, and engaging with existing and potential customers, for example by receiving and responding to complaints. Very recently, the Federal Financial Institutions Examination Council (FFIEC) released proposed guidance on the applicability of consumer protection and … [Read more...]

Security Snafus — The Worst of 2012 So Far…

A photo credited to REUTERS / Yves Herman, taken at a recent protest in central Brussels, depicts a protester wearing a Guy Fawkes mask (a symbol of the hacktivist group Anonymous). The first six months of 2012 ranged from the embarrassing hack of a conference call between the FBI and Scotland Yard to an overabundance of data breaches. Ellen Messmer, a writer for Network World, has recently posted a gathering of the worst security snafus of 2012, organized by month, inclusive … [Read more...]

BYOD – Attend Webinar to Build a Business Case of Support

The risks associated with employees bringing their own smartphones, tablets and mobile storage devices to the job remain on the minds of information security professionals in nearly all organizations. While much has been and will continue to be written on this topic, the risk management strategies of many CISOs still too often try to build defenses that reject the trend rather than finding ways to embrace it as a means to cut costs and improve productivity. In an exclusive case study now being offered in webinar format, Intel CISO Malcolm … [Read more...]

Data Breach Report Offers State by State Regulation Requirements

Photo courtesy of experian.com

Unfortunately, for many U.S. companies facing the reality of data breaches, reaching agreement on what counts as a breach and what you are required to do once one occurs remains a complex topic, and one that carries potentially large economic risk. Even more to the point, each state jurisdiction within the U.S. differs in one way or another on how a data breach must be handled legally and on the notification requirements that accompany it. Just as important, even a local or regional business, … [Read more...]

NIST Releases New Access-Control Systems Evaluation Guidance Document

Photo courtesy of govinfosecurity.com

The National Institute of Standards and Technology (NIST) has released an interagency report, NISTIR 7874, entitled "Guidelines for Access-Control Systems Evaluation Metrics". Its objective is to help access control experts improve their evaluation of high-security access-control systems by discussing the administration, enforcement, performance and support properties of the mechanisms embedded in each access-control system. The new report extends NISTIR 7316, "Assessment of Access Control Systems", which demonstrates the fundamental … [Read more...]
