Saturday, December 4, 2021

Protecting Your Business Against Ransomware Attacks: A Primer

In light of the recent and escalating spate of ransomware attacks in the United States and internationally, the Biden administration has made it a top priority to strengthen the nation’s resilience against cyberattacks. Although the Federal Government is taking action by working with international partners and developing policies to disrupt and deter ransomware actors, it […]

NIST: Cybersecurity Framework Profile for Ransomware Risk Management

The Ransomware Profile defined in this report maps security objectives from the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (also known as the Cybersecurity Framework) to security capabilities and measures that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware […]

Software Development: DoD Faces Risks and Challenges in Implementing Modern Approaches and Addressing Cybersecurity...

The Department of Defense plans to spend $12 billion on its 29 largest business information technology systems during FYs 2019-2022. DoD’s efforts to modernize business systems have been a topic on our High Risk List since 1995. In a recent study, GAO found: 22 programs that were actively developing software reported using approaches that reduced […]

CISA Warns of Ransomware Threat to Operational Technology and Control Systems

CISA warns that ransomware attacks targeting critical infrastructure such as Colonial Pipeline have demonstrated the rising threat that ransomware poses to operational technology (OT)...

Ransomware Risk Management: Preliminary Draft NISTIR 8374 Available for Comment

NIST’s National Cybersecurity Center of Excellence (NCCoE) has released a new Preliminary Draft report, NIST Interagency or Internal Report (NISTIR) 8374, Cybersecurity Framework Profile for Ransomware Risk Management. Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand additional […]

Recommendations for Federal Vulnerability Disclosure Guidelines: Draft NIST SP 800-216 Available for Comment

NIST is inviting comments on Draft NIST Special Publication (SP) 800-216, Recommendations for Federal Vulnerability Disclosure Guidelines, which establishes a flexible, unified framework for establishing policies and implementing procedures for reporting, assessing, and managing vulnerability disclosures for systems within the Federal Government. Per the Internet of Things Cybersecurity Improvement Act of 2020, Public Law 116-207, and […]

CDM System Run by DHS Has Not Improved DHS Cybersecurity Posture

Last year, the GAO concluded that the Continuous Diagnostics and Mitigation program overseen by the Department of Homeland Security had improved the cybersecurity posture of three agencies: the Federal Aviation Administration, Indian Health Services, and the Small Business Administration. However, the DHS inspector general now reports that the agency has made limited progress implementing its […]

Hacked Tech Company Not Entitled to Cyber Coverage for Debt Payment Wired by Client...

Alorica Inc., a technology services company, was the victim of an apparent phishing attack in October 2017. After gaining access to Alorica’s email system, hackers emailed Alorica’s clients, asking them to send payments to fraudulent bank accounts. One of those clients wired more than $4.8 million to the hackers’ bank account, and subsequently refused to […]

NSA Video Examines Effective Use of Protective DNS

The National Security Agency has released a new video in its Cybersecurity Collaboration Center speaker series. In this edition, Dr. Josiah Dykstra speaks with Lieutenant Zachary Dannelly, United States Navy, about the effective use of Protective DNS. Source: YouTube: The Effective Use of Protective DNS

High-Risk Series: Federal Government Needs to Urgently Pursue Critical Actions to Address Major Cybersecurity...

In a recent audit, GAO reiterated to federal agencies the importance of addressing multiple major cybersecurity challenges and 10 critical actions to fix them. While the government has strengthened its cybersecurity posture, GAO says agencies need to adopt a greater sense of urgency that is equal to the grave threats presented to the country. In […]