Looking

now browsing by tag

 
 

NIST #Cybersecurity Framework #Getting a #Facelift, Looking to Make #Adoption #Easier

One of the biggest obstacles to securing the nation’s critical infrastructure components, as well as to securing enterprise environments, is poor coordination.

Whether it’s the lack of a common vocabulary, a lack of agreement about best practices and recommended methodologies, or simply seeing security through different lenses, it’s clear that without a common playbook from which to collaborate, the public and private sectors both struggle to work create truly effective security strategies.

It’s against that backdrop that the National Institute of Standards and Technology is preparing to release an updated version of its Cybersecurity Framework, with an eye on making the framework easier to understand and adopt. NIST is currently reviewing public comments on the draft update (the comment period ended in January), and is expecting to release the new framework later this year.

The Cybersecurity Framework, which was first mandated by the Cybersecurity Enhancement Act of 2014, was born from an executive order issued by Barack Obama in 2013. Originally conceived as a way to get private sector entities charged with protecting critical infrastructure components such as roads, bridges and the power grid on the same page, the Cybersecurity Framework has subsequently been adopted by industries and organizations of all types and sizes.

Read More….

advertisement:

The post NIST #Cybersecurity Framework #Getting a #Facelift, Looking to Make #Adoption #Easier appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Looking #ahead to the #biggest 2018 #cybersecurity #trends

Source: National Cyber Security – Produced By Gregory Evans

Jon Oltsik, an analyst with Enterprise Strategy Group in Milford, Mass., examined some of the top 2018 cybersecurity trends. While some analysts have focused on ransomware, and others made dire pronouncements about nationwide power-grid attacks, Oltsik said he’s more concerned about cloud security, where easily exploitable vulnerabilities are becoming increasingly likely.

Security teams — many of which are facing a severe lack of cybersecurity skills — are struggling with the rapid deployment of cloud technologies, such as virtual machines, microservices and containers in systems such as Amazon Web Services or Azure. Many organizations are switching to high-end security options from managed security service providers or SaaS providers. ESG research indicated 56% of organizations are interested in security as a service.

Among other 2018 cybersecurity trends, Oltsik said he foresees greater integration of security products and the continued expansion of the security operations and analytics platform architecture model. As large vendors like Cisco, Splunk and Symantec scramble to catch up, they will fill holes in existing portfolios. Although he said he sees machine learning technology stuck in the hype cycle, in 2018, Oltsik projects machine learning will grow as a “helper app” in roles such as endpoint security or network security analytics.

With the introduction of the European Union’s General Data Protection Regulation (GDPR) on May 25, 2018, Oltsik said a major fine — perhaps as much as $100 million — may serve as a wake-up call to enterprises whose security platforms don’t meet the standard.

“One U.K. reseller I spoke with compared GDPR to Y2K, saying that service providers are at capacity, so if you need help with GDPR preparation, you are out of luck. As GDPR anarchy grips the continent next summer, look for the U.S. Congress to (finally) start engaging in serious data privacy discussions next fall,” he added.

The challenges of BGP
Ivan Pepelnjak, writing in ipSpace, said when Border Gateway Protocol (BGP) incidents occur, commentators often call for a better approach. “Like anything designed on a few napkins, BGP has its limit. They’re well-known, and most of them have to do with trusting your neighbors instead of checking what they tell you,” he said.

To resolve problems with BGP, Pepelnjak recommended the following: First, IT teams need to build a global repository of who owns which address. Second, they need to document who connects to whom and understand their peering policies. And they need to filter traffic from those addresses that are obviously spoofed.

The good news, Pepelnjak, said, is most BGP issues can be solved with guidance from volume 194 of Best Current Practices — the latest update. In Pepelnjak’s perspective, internet service providers (ISPs) are often the problem. ISPs have little incentive to resolve BGP issues or reprimand customers who can easily switch to more permissive providers. An additional problem stems from internet exchange points running route servers without filters.

According to Pepelnjak, because engineers hate confrontation, they often turn to cryptographic tools, such as resource public key infrastructure, rather than fixing chaotic or nonexistent operational practices. “What we’d really need to have are (sic) driving licenses for ISPs, and some of them should be banned for good, due to repetitive drunk driving. Alas, I don’t see that happening in my lifetime,” he added.

Read more of Pepelnjak’s thoughts on BGP issues.

Artificial intelligence, low-code and abstracting infrastructure
Charlotte Dunlap, an analyst with GlobalData’s Current Analysis group in Sterling, Va., blogged about the repositioning of mobile enterprise application platforms (MEAP) to address app development and internet of things. Dunlap said advancements in AI, API management and low-code tools play into DevOps’ need for abstracted infrastructure.

GlobalData research indicated that MEAP is widely used to abstract complexity, particularly in use cases such as application lifecycle management related to AI-enabled automation or containerization.

GlobalData awarded high honors to vendors that integrated back-end data for API management, such as IBM MobileFirst and Kony AppPlatform. Dunlap said mobile service provider platform strategies have increasingly shifted to the needs of a DevOps model.

“Over the next 12 months, we’ll see continued momentum around a growing cloud ecosystem in order to stay competitive with broad platform services, including third-party offerings. Most dominant will be partnerships with Microsoft and Amazon for offering the highest levels of mobile innovation to the broadest audiences of developers and enterprises,” Dunlap said.

The post Looking #ahead to the #biggest 2018 #cybersecurity #trends appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cybersecurity breaches: Centre is looking to roll out this major innovative approach

Source: National Cyber Security – Produced By Gregory Evans

The government is working on creating a single framework for reporting breach of cyber security at financial institutions and a working group is soon likely to be formed, sources in the know told FE. The government is working on creating a single framework for reporting breach of cyber security at…

The post Cybersecurity breaches: Centre is looking to roll out this major innovative approach appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers looking to shut down factories for pay

Source: National Cyber Security – Produced By Gregory Evans

The malware entered the North Carolina transmission-manufacturing plant’s computer network by the way of email in August 2016, just as the criminals wanted, spreading like a virus and threatening to lock up the production line until the company paid a ransom. AW North Carolina stood to lose $270,000 in revenue,…

The post Hackers looking to shut down factories for pay appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Looking for love online? Here’s what you need to know

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ here’s a lot of dating advice out there, and not all of it is particularly useful or relevant. So much so, anyone dipping a toe into that murky pool would be …

The post Looking for love online? Here’s what you need to know appeared first on Become007.com.

View full post on Become007.com

Looking for love? A poor credit score can make you less attractive in the dating scene.

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ Forget the power of pheromones. Want to make yourself more attractive to a potential mate? Make sure you have a good credit score. Turns out that having a great credit history …

The post Looking for love? A poor credit score can make you less attractive in the dating scene. appeared first on Become007.com.

View full post on Become007.com

FBI looking for agents who can hack it – a computer, at least

Source: National Cyber Security – Produced By Gregory Evans

Agency Director James Comey indicates bureau may change its standards to attract cyber talent Aspiring federal agents who can hack a computer with ease but can’t shoot their way out of a paper bag could soon find the FBI to …

The post FBI looking for agents who can hack it – a computer, at least appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Pennsylvania man who sent child porn to Ohio teen looking at 13-year sentence

A Pennsylvania man, who prosecutors said drove to Northeast Ohio to have sex with a 14-year-old Tallmadge girl and take pictures of her, faces a 13-year prison term, though a judge said he would making his final sentencing decision in a few weeks.

James Cortelyou of Allentown had sex with the girl at a hotel in Kent in 2015, authorities said. He took pictures of her wearing a diaper and infant-style clothing, they said. Another image showed the girl with marks on her back, which were the result of Cortelyou flogging her.

The 37-year-old tried to argue to U.S. District Judge Dan Polster that “everyone’s guilty of making mistakes but they shouldn’t be defined by them.

Read More

View full post on Parent Security Online

Here’s why people are looking for love after Trump’s election

Source: National Cyber Security – Produced By Gregory Evans

Here’s why people are looking for love after Trump’s election

Donald Trump has seen a lot of haters and faced a lot of criticism but there are some who have been encouraged and are looking for love after his win. An online dating site has revealed what most people wouldn’t …

The post Here’s why people are looking for love after Trump’s election appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Online Dating Danger: Woman looking for love forced into prostitution

Source: National Cyber Security – Produced By Gregory Evans

Online Dating Danger: Woman looking for love forced into prostitution

PORTLAND, Ore. — Does this Valentine’s Day find you looking for love? Maybe you’ve thought about online dating. The success stories are advertised and talked about far and wide, but there are still some dangers lurking in this digital age. …

The post Online Dating Danger: Woman looking for love forced into prostitution appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures