NIST Offers Cybersecurity Assessment Tool

NIST has created a self-assessment tool for companies and organizations that are working through the NIST Cyber Security Framework (NIST-CSF).  This tool is called the Baldrige Cybersecurity Excellence Builder and is designed to help companies implement the principles of the CSF.

According to NIST, organizations can use the Baldrige Cybersecurity Excellence Builder to:

  • Identify cybersecurity-related activities that are critical to business strategy ...

FTC Issues Alert for Rental Car Users

Back on August 31 I received an email from the Department of Homeland Security about a set of FTC recommendations for people using rental cars.  I have experienced this issue myself.  Basically, it is simple and relatively convenient to connect a smartphone to the smart vehicle’s infotainment system in order to enjoy hands-free phone calls, stored musical tracks, and the phone’s navigation application.  The problem is that the car ...


National Cyber Security Awareness Month

October is National Cyber Security Awareness Month.  This was released by US-CERT, and I thought it was worth posting.

“October is National Cyber Security Awareness Month, which is an annual campaign to raise awareness about cybersecurity. In partnership with DHS, the National Cyber Security Alliance (NCSA) has released the first in a series of tips focused on helping people protect their online activities and increasing ...


Use Linux Tails for Privacy

You don’t need to be a journalist, freedom fighter, or living under an oppressive political regime to have the desire for some online privacy.  Maybe you are trying to put the contents of your life back into the Pandora’s box you opened when you signed up on Facebook.  Maybe you would like a little privacy in your online life.

Linux Tails is an ...


Mobile Security Tips

As we add more mobile and portable devices to our digital collection, cybersecurity for mobile devices becomes more important.  Smartphones, tablets, wearable tech, and ultra-portable laptops are certainly convenient and easy to carry, but that makes them easy for a thief to carry off.  When these devices are stolen, you lose much more than the hardware.  Every bit of information on the device is up for grabs too, from contact lists, personal information, mobile ...


What Is Your Data Worth?

When you lose your login credentials to an online account, it can be devastating.  Depending on what was compromised and what was lost, you may have an expensive and time-consuming task on your hands.  So the bad guys took your user ID and password, or some other personal information.  Was it worth it?  There is an active resale market for this information, and some ...


BEC – How Cyber-Attackers Can Rip Off Your Company

We warned our readers about the FBI alert regarding the Business Email Compromise scam on July 6.  Cyber-criminals have successfully bilked US companies of over 3 billion dollars since January 2015.  Typically this exploit starts by the attacker gaining knowledge of the CEO’s or other highly placed executive’s user credentials to their email account.  This is most often done using a spearphishing email, but could also be accomplished ...


Recovering from Ransomware

You have trained your staff and improved your defenses.  In spite of your best efforts, you have an active case of crypto-malware running on a system in your business.  How do you recover?

Here are the steps to recovery:

  • Disconnect the affected system from the network by removing the Ethernet network cable connection or turning off the Wi-Fi connection.
  • Determine if the encryption process has completed.
    • If so, leave the system running, but disconnected from the network. ...

20 Questions For Preparing An IT Risk Assessment

Many small businesses are being dragged into the arena of IT risk assessment by larger client companies, suppliers, or regulators.  Common scenarios include credit card (PCI) or HIPAA compliance.  Since the Target breach, smaller vendors and supplier companies who have a network connection into the IT operations of a larger company are being required to undergo the same sort of vulnerability and risk assessment procedures ...


Cybersecurity – Where Are We?

Sometimes in the maelstrom of cybersecurity battles, it is helpful to step back and see where we came from, where we are, and where we are going.  This year, in addition to studying for and passing the CISSP exam, I have been to a bunch of security conferences.  I’ve been to MISC.conf, Secure360, B-Sides, and the Tech Security Conference.  Here are some highlights and insights ...
