NIST Cybersecurity Blog
The NIST Cybersecurity Blog is a combination of original posts from President and CEO Steven Senz, as well as occasional guests posts from cybersecurity professionals. Check back often for the latest in NIST compliance for the Federal Government.
Popular Posts
Unnecessary Legitimate Services
This business is effectively charging about $2400 per hour for their services…
Caller ID Spoofing
Caller ID spoofing is a technology that allows the originator to alter the information forwarded to your caller ID in order to hide the true number…
Phishing Attacks: Part 2
Phishing attacks use e-mail to trick users into downloading malware onto their systems for the purpose of stealing information or placing the user in a compromising position that the attacker can exploit…
Why You Need A Junk Email Account
Everyone already has multiple e-mail or messaging accounts: personal, business, LinkedIn, Facebook, Twitter… The list goes on. Why would I need to create a junk e-mail account…?
Phishing Attacks: Part 1
Phishing attacks use e-mail to trick users into downloading malware onto their systems for the purpose of stealing information or placing the user in a compromising position that the attacker can exploit…
$30 Solution to Ransomware Attacks
Ransomware is becoming the number 1 form of malware, affecting individuals and businesses alike. In 2019, ransomware attacks are expected to climb to over 11 billion in payments and repair damages…
Vulnerability Optimization
Vulnerabilities in operating systems or applications are excellent attack vectors for cyber criminals. These vulnerabilities are weaknesses in the code that facilitate numerous types of attacks that can cause systems to behave erratically or information to be lost or exposed…
Small Business Vulnerabilities
One of the reasons why small business is so vulnerable to cyber attacks is that cyber security is not integral to their business plans or part of the company’s growth strategy. Consequently, small business is considered “low hanging fruit” for hackers and other cyber criminals…
Small Business Cyber Risk
Did you know that 47% of small business have suffered a cyber attack last year? Did you know that the Federal government is so concerned about small business exploitation that they now require their small business contractors to complete an independent cyber security assessment?
Verification Vs. Validation
With respect to security, businesses are often focused on doing the right things but fail to do the things right. Equifax is an example of an organization that strategically was doing the right things but tactically was not doing the things right…
Access Control Lists
Do you know who has access to your most sensitive data? Access Control Lists (ACLs) are developed to place people into groups to access various types of information. Some departments have clear cut lines of authority – but what about Controlled Unclassified Information (CUI) produced for Federal contracts? Does everyone on the contract need to see this information? Does everyone need to see this information in final form..?
Cyber Security Awareness Training
Cyber security awareness training provides the greatest assurance of reducing information system compromise. People remain the biggest weakness of any information system. Properly trained people on cyber security decreases the risk of system compromise by 80%…
Avoid These NIST Compliance Problems
There are numerous solutions providers and assessor companies that propose a single solution that solves the requirements of NIST SP 800-171, but this simply is not the case.
Some applications may solve a family of controls or several controls in multiple families, but there is no single application that will satisfy all the requirements of the NIST controls…
Recent Posts
Recent Posts
- Unnecessary Legitimate Services
- Caller ID Spoofing
- Phishing Attacks Part 2
- Why You Need A Junk Email Account
- Phishing Attacks Part 1
- $30 Solution to Ransomware
- Social Engineering
- Vulnerability Optimization
- Small Business Vulnerabilities
- Small Business Cyber Risk
- Verification Vs. Validation
- Access Control Lists
- Cyber Security Awareness Training
- Avoid These NIST Compliance Problems
- ASCERTIS User Guide
- Protected: Responsibilities of the Authorizing Official Presentation
- NIST 800-171a
- Protected: Certification Statement
- Pre-Site Questionnaire
- Responsibilities of the Authorizing Official
- Authority to Operate Template
- Certification Template
- Plan of Actions and Milestones Template
- Risk Assessment Report Template
- Security Assessment Report Template
- System Security Plan Template
- Security Test and Evaluation Template
- ASCERTIS Overview