Category: Compliance & Operational Security

Enjoy discussions surrounding the compliance and operational needs that must be addressed in every organization.

FISMA Compliance & NIST SP 800-37 (Rev. 1)

The "Federal Information Security Management Act," or "FISMA," is a U.S. federal law enacted as Title III of the E-Government Act of 2002. In that act, the U.S. government underlined the significance of improving the management of electronic government services and processes. FISMA provides the framework for organizations to develop and maintain the minimum security goals for ...

How Organizations Can Determine the Impact of Cybersecurity Incidents

When determining the impact of a computer security incident, it helps to classify the threat encountered; this classification usually happens before the formal Incident Response (IR) process begins. Determining the impact also decides whether the event should be treated as an "incident" at all. Think about what vulnerability the threat exploited. If this was an unknown vulnerability ...

NIST releases version 1.1 of The Cybersecurity Framework. Here’s a Summary

The National Institute of Standards and Technology has recently released version 1.1 of the Cybersecurity Framework (CSF), designed to improve the cybersecurity of industries, companies, and organizations that are part of the nation's critical infrastructure (energy, power, banking, communications, defense, and so on). The CSF is a voluntary framework that was originally developed in response ...

Scan Your Home Network for Vulnerabilities Using Nessus

Nessus is a proprietary vulnerability scanner created by Tenable, Inc. It is free to home users for personal use (Nessus Home), but requires a license for commercial use (Nessus Professional). The commercial version comes with more features, and Nessus Home is limited to scanning 16 IP addresses, but within that scope it runs the same scanning engine and plugins, so the results are no less reliable. With Nessus Home, users ...

A Simple Guide to Vulnerability Management

A "vulnerability assessment" discovers what vulnerabilities are present on your organization's infrastructure and classifies them according to their level of criticality. Vulnerability assessments are usually conducted by qualified personnel or Approved Scanning Vendors (ASVs) by means of a vulnerability scanner, such as Nessus, OpenVAS, QualysGuard, Nexpose, and so on. These are special forms of software ...