How About A Cybersecurity Framework By NIST

NIST is the National Institute of Standards and Technology, and CSF is the Cybersecurity Framework. There are many PDFs (v1.1) on this topic, but the changes in versions are not my focus. I did cover this a small bit in a post from 2014: https://oversitesentry.com/cybersecurity-framework-by-nistnational-institute-of-standards-and-technology/. At that point NIST had the major points but not …

Cybersecurity – Where do we go from here?

Let’s list some of the problem areas: Ransomware; Phishing; Backups – Restore; Remote Access; Cloud Computing; Awareness Issues – Training. If you do not prepare for the future then it will create surprises when you least expect it, or the future may make changes in ways that you will not appreciate. An example of this …

Security Psychology – or Risk Gambler?

The human factor is always underappreciated in helping decide on what can be done with our Computer Security. From the paper “Security Mental Model: Cognitive map approach” by Tahani Albalawi, Kambiz Ghazinour and Austin Melton: The computer security community has developed formal methods for providing security properties to systems and organizations. However, the human role has often …

Complacency and Cybersecurity Awareness

Are we being too complacent in our feeling of “nothing will happen to us” with regard to Cybersecurity? 2 stories tie this theme together: (1) Phishing awareness training wears off after a few months. Apparently retraining is required after 6 months. (2) Ransomware and Observations from Recent IR investigations. Businesses are still getting ransomware, not how it …