How to Apply the Risk Management Framework (RMF)
The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide for “Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle...
View ArticleNSA offers advice: connecting OT to the rest of the net can lead to...
The US Defense Department and third-party military contractors are being advised to strengthen the security of their operational technology (OT) in the wake of security breaches, such as the SolarWinds...
View ArticleNew Executive Order Seeks to Strengthen Security of Federal Government Networks
The Biden Administration published a new executive order (EO) to strengthen the digital security of U.S. federal government networks. Published on May 12 by The White House, the executive order covered...
View ArticleLast (Executive) Orders Please: Supply Chains, Policy and Modernising...
On May 12th, the President of the USA, Joe Biden, signed an Executive Order (EO) that would bolster the cyber defences of the USA. The EO is intended to protect against “increasingly sophisticated...
View ArticleNew Bill Could Force U.S. Businesses to Report Data Breaches Quicker
A bipartisan Senate bill would require some businesses to report data breaches to law enforcement within 24 hours or face financial penalties and the loss of government contracts. The legislation from...
View ArticleCybersecurity Maturity Model Certification (CMMC) – A Model for Everyone
Data breaches have reached a fever pitch over the last few years. The rapid frequency of successful attacks coupled with the rising costs to businesses has raised attention at the highest levels of...
View Article“PlugWalkJoe” indicted for $784K SIM swap cryptocurrency theft
The U.S. Department of Justice charged a British man for his alleged role in stealing $784,000 worth of cryptocurrency using SIM swap attacks. According to the unsealed indictment, Joseph James...
View ArticleComply 2 Connect (C2C) – A Solution to Quell the Rogues in Our Midst
Have you ever taken a personal device to work and connected it to the work network? Maybe you connected to the Wi-Fi with a mobile device. Perhaps you brought in a personal laptop and plugged into an...
View Article99% of Federal Security Pros Feel the U.S. Government Must Do More to Protect...
As you’ll recall, the White House published an Executive Order (EO) on Improving the Nation’s Cybersecurity back in May 2021. The EO issued several commands such as creating a Cyber Safety Review Board...
View ArticleAs ransomware attacks rise, US government advice to protect K-12 schools is...
A recently published report from the US Government Accountability Office (GAO) has warned that official security guidance from the Department of Education is out-of-date, and needs to be refreshed to...
View ArticleRedirecting the Zero Trust Conversation to Build a More Robust Architecture
In a recent Tripwire survey, over 300 respondents from both private and public sectors said that implementing Zero Trust Architecture (ZTA) could materially improve cybersecurity outcomes. This result...
View ArticleAustralia Leads with Controversial Cyber Laws
The Australian government is looking to pass the Security Legislation Amendment (Critical Infrastructure) Bill 2020, an overhaul which is aimed to help Australian businesses fend off cyberattacks. The...
View ArticleCybersecurity Standards, Ransomware, and Zero Trust: 3 Key Considerations for...
In September 2021, Tripwire released its annual report to examine the actions taken by the U.S. federal government to improve cybersecurity. The report also looks at non-government organizations so...
View ArticleThe DHS is inviting hackers to break into its systems, but there are rules of...
The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious...
View ArticleMajor Updates to the Cybersecurity Maturity Model Certification: What You...
The United States Department of Defense (DoD) views securing the supply chain and the Defense Industrial Base (DIB) as one critical pillar in protecting national security. Dedicated security...
View ArticleKey Considerations for Canada’s Forthcoming National Cyber Security Strategy
On December 16, Prime Minister Justin Trudeau released mandate letters tasking his ministers of national defense, foreign affairs, public safety, and industry to develop a new “National Cyber Security...
View ArticleU.S. government warns that sensitive data is being stolen from defence...
The Federal Bureau of Investigation (FBI), Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) have joined forces to publish a...
View ArticleRegulating a Nation’s Information Security Workforce
In a previous article, I examined Australia’s proposed Security Legislation Amendment (Critical Infrastructure) Bill 2020. This information security overhaul imposes strict reporting requirements for...
View ArticleUS legislation brings mandatory cyberattack and ransomware reporting one step...
The US Senate has passed legislation designed to improve the cybersecurity of the Federal Government. The legislation, which consists of three bills, was unanimously passed by the Senate on Tuesday...
View ArticleTexas SB 820 Advances K-12 Cybersecurity Despite Limitations
Like many organizations, K-12 schools adapted to COVID-19 by accelerating their digital transformation journeys. And like everyone else who followed this path, they invited unwanted attention from...
View ArticleWhat is Bundesamt für Sicherheit in der Informationstechnik (BSI)?
Have you ever confused your acronyms? Perhaps you have laughed when someone has had to explain some of the acronyms used in text messages. Business, and especially technology acronyms are almost as...
View Article5 Things to know about the UK’s National Cyber Security Centre (NCSC)
#1 The history of the National Cyber Security Centre The UK’s first cybersecurity strategy was launched in 2009 and outlined that whatever the shape of the cybersecurity mission, it made no sense to...
View ArticleCybersecurity in city government, taken to new heights: An Interview with...
When most people speak of any city government, they often mention words like “Bureaucratic”,“Behind the times”, and “Slow.” This is especially true when considering cybersecurity initiatives....
View Article$10 million reward offered for information on foreign government-linked...
A $10 million reward is being offered for information leading to the identification or location of malicious hackers working with North Korea to launch cyber attacks on US critical infrastructure. The...
View Article
