Is There Cyber Risk? How to Assess Risk?

An interesting video from RSA Conference 2018: “There’s no such Thing as a Cyber-risk” So if you look at possible risk domains  Computer Security (or Cybersecurity is not on there. Operations: errors – fraud – talent – employee engagement – safety Service Availability: capacity, resiliency, data integrity, intentional disruption Product delivery: pre-executions – release executions … Read more

NIST 800-171 rev1 (Updated 6/7/2018)

This document was updated and created to protect CUI – Controlled Unclassified Information for all government entities. So if you want to have a contract with the government you better have a plan in place. Due to Executive order 13556 (Nov 4, 2010), Controlled Unclassified Information program to standardize unclassified information and designated the NARA … Read more

Tuesday July 10th patch Tuesday #7 of 2018

53 vulnerabilities in today’s Patch Tuesday There is a Dashboard set up by Morphus Labs 3 publicly disclosed and 17 critical. It is always important to keep up on your patching regimen, as today’s vulnerabilities become more and more dangerous in the future. But one has to assess the current and older vulnerabilities with what … Read more

100% Cybersecurity is Impossible

Do you want to use the Internet? Computers? Tablets? Cellphones? There is no device created that is 100% secure with no risk. So now what? Risk management – is what we are supposed to do, where the risk of using something is lower than the value of using it. For example: using a computer for … Read more