NIST Cybersecurity Blog

The NIST Cybersecurity Blog is a combination of original posts from President and CEO Steven Senz, as well as occasional guest posts from cybersecurity professionals. Check back often for the latest in NIST compliance for the Federal Government.

Popular Posts

Warranty

Unnecessary Legitimate Services

This business is effectively charging about $2400 per hour for their services…

Caller ID Spoofing

Caller ID spoofing is a technology that allows the originator to alter the information forwarded to your caller ID in order to hide the true number…

Hacker Cloud

Phishing Attacks: Part 2

Phishing attacks use e-mail to trick users into downloading malware onto their systems for the purpose of stealing information or placing the user in a compromising position that the attacker can exploit…

Spam Email

Why You Need A Junk Email Account

Everyone already has multiple e-mail or messaging accounts: personal, business, LinkedIn, Facebook, Twitter… The list goes on.  Why would I need to create a junk e-mail account…?

Hacker Cloud

Phishing Attacks: Part 1

Phishing attacks use e-mail to trick users into downloading malware onto their systems for the purpose of stealing information or placing the user in a compromising position that the attacker can exploit…

Hacker

$30 Solution to Ransomware Attacks

Ransomware is becoming the number 1 form of malware, affecting individuals and businesses alike.  In 2019, ransomware attacks are expected to climb to over 11 billion in payments and repair damages…

Hacker

Vulnerability Optimization

Vulnerabilities in operating systems or applications are excellent attack vectors for cyber criminals.  These vulnerabilities are weaknesses in the code that facilitate numerous types of attacks that can cause systems to behave erratically or information to be lost or exposed…

Cyber Thieves

Small Business Vulnerabilities

One of the reasons why small business is so vulnerable to cyber attacks is that cyber security is not integral to their business plans or part of the company’s growth strategy.  Consequently, small business is considered “low hanging fruit” for hackers and other cyber criminals…

Cyber Crime Tape

Small Business Cyber Risk

Did you know that 47% of small businesses suffered a cyber attack last year? Did you know that the Federal government is so concerned about small business exploitation that it now requires its small business contractors to complete an independent cyber security assessment?

Security Circuits

Verification Vs. Validation

With respect to security, businesses are often focused on doing the right things but fail to do the things right. Equifax is an example of an organization that strategically was doing the right things but tactically was not doing the things right…

Fingerprint Security

Access Control Lists

Do you know who has access to your most sensitive data? Access Control Lists (ACLs) are developed to place people into groups to access various types of information. Some departments have clear-cut lines of authority, but what about Controlled Unclassified Information (CUI) produced for Federal contracts? Does everyone on the contract need to see this information? Does everyone need to see this information in final form…?

Code and Lock

Cyber Security Awareness Training

Cyber security awareness training provides the greatest assurance of reducing information system compromise. People remain the biggest weakness of any information system. Properly training people on cyber security decreases the risk of system compromise by 80%…

Department of Defense NIST 800-171

Avoid These NIST Compliance Problems

There are numerous solutions providers and assessor companies that propose a single solution that solves the requirements of NIST SP 800-171, but this simply is not the case. 

Some applications may solve a family of controls or several controls in multiple families, but there is no single application that will satisfy all the requirements of the NIST controls…
