How About A Cybersecurity Framework By NIST

Posted on ITSecurity Training

NIST is the National Institute of Science and Technology and CSF is the Cybersecurity Framework.  There are manypdf’s (v1.1) on this topic, but the changes in versions are not my focus.  Although I did cover this a small bit in a post from 2014: https://oversitesentry.com/cybersecurity-framework-by-nistnational-institute-of-standards-and-technology/ at that point NIST had the major points but not […]

Read more >

Cybersecurity – Where do we go from here?

Posted on ITSecurity Training

Let’s list some of the problem areas: Ransomware Phishing Backups – Restore Remote Access Cloud Computing Awareness Issues – Training If you do not prepare for the future then it will create surprises when you least expect it   or the future may make changes in ways that you will not appreciate. An example of this […]

Read more >

Security Psychology – or Risk Gambler?

Posted on ITSecurity Training

  The human factor is always underappreciated in helping decide on what can be done with our Computer Security. “Security Mental Model: Cognitive map approach” Tahani Albalawi, Kambiz Ghanzinour and Austin Melton paper: The computer security community has developed formal methods for providing security properties to systems and organizations. However, the human role has often […]

Read more >

Small Business IT is Failing in Cybersecurity

Posted on securitycommunity

Ransomware hitting the unsuspecting small business that does not have all the Security pieces in place(SCMedia story:” Here are the most common ways businesses get compromised by ransomware“. Darkreading has a story:”Manufacturing Sees rising Ransomware Threat” What is considered a ‘small business’ ? The SBA considers several criteria (how many employees – less than 500) […]

Read more >

VPN Vulnerabilities show Work From Home(WFH) Weakness

Posted on computersecuritynews

NSA has a cybersecurity  advisory It says that Pulse SecureTM, Palo Alto GlobalProtectTM, and Fortinet FortigateTM VPN(Virtual Private Network) products have vulnerabilities 3 of them VPN CVEs being currently exploited include but may not be limited to: CVE-2019-11510 and CVE-2019-1153 which allow for remote arbitrary file downloads and remote code execution on Pulse Connect Secure […]

Read more >