Category: Compliance & Operational Security

Enjoy discussions surrounding the compliance and operational needs that must be addressed in every organization.

The Sony Pictures Entertainment Hack: A Look at the Evidence We Have

Note: Much of this information comes from an official affidavit, The United States of America vs. Park Jin Hyok, also known as ("aka") "Jin Hyok Park," aka "Pak Jin Hek," (United States District Court for the Central District of California June 8, 2018). If you want to review the entire 179-page document, it's available at https://www.justice.gov/opa/press-release/file/1092091/download. The ...

FISMA Compliance & NIST SP 800-37 (Rev. 1)

The "Federal Information Security Management Act," or "FISMA," is a U.S. federal law that arose from the E-Government Act of 2002. In this act, the U.S. government underlined the significance of improving the management of electronic government services and processes. FISMA provides the framework for organizations to develop and maintain the minimum security goals for ...

How Organizations Can Determine the Impact of Cybersecurity Incidents

When determining the impact of a computer security incident, it helps to classify the threat encountered, which usually occurs before the actual Incident Response (IR) process begins. Determining the impact will also determine whether the incident should even be considered an "incident." Think about what vulnerability the threat exploited. If this was an unknown vulnerability ...

NIST releases version 1.1 of The Cybersecurity Framework. Here’s a Summary

The National Institute of Standards and Technology has recently released version 1.1 of the Cybersecurity Framework (CSF), designed to improve the cybersecurity of industries, companies, and organizations that are a part of the nation's critical infrastructure (e.g., energy, power, banking, communications, defense, etc.). The CSF is a voluntary framework that was originally developed in response ...

Scan Your Home Network for Vulnerabilities Using Nessus

Nessus is a proprietary vulnerability scanner created by Tenable, Inc. It is free to home users for personal use (Nessus Home), but requires a license for commercial use (Nessus Professional). Obviously, the commercial version comes with more features, but this does not in any way degrade the effectiveness of Nessus Home. With Nessus Home, users ...