The U.S. National Institute of Standards and Technology has revised its guidance for organizations to counter supply chain risks. The new document addresses how to identify, assess and respond to cybersecurity risks throughout the supply chain at all levels of an organization.
On the cusp of 2022, John Kindervag - the father of the Zero Trust security model - reflects on how the Zero Trust dialogue has evolved in 2021 and makes his New Year's predictions. Will the president's executive order be an accelerator or an anchor? Which myths are ripe to be busted?
In preparation for the relaunch of ISMG’s education platform, CyberEd.io, Ron Ross of the National Institute of Standards and Technology and Brian Barnier, who is designing a course on critical thinking and design thinking, discuss the need for reorienting toward systems thinking in cybersecurity.
The White House is preparing executive branch agencies to adopt "zero trust" network architectures by 2024, with CISA and the OMB overseeing the creation of technology road maps that departments must follow. This is a major component of President Biden's cybersecurity executive order.
The Biden administration unveiled a package of supply chain and critical infrastructure security initiatives following a meeting at the White House with tech executives and others. Companies such as Google and Microsoft also promised billions in spending on cybersecurity over the next several years.
What are the latest cybersecurity issues? Join four Information Security Media Group editors as they describe the top issues of the week, including the risk of cyberattacks provoking a kinetic response, as well as top healthcare CISOs' tips for handling supply chain security, resiliency and ransomware.
NIST is updating "cyber resiliency" guidance to focus on mitigating modern cyberthreats to IT networks, especially ransomware and nation-state attacks. A draft encourages security defenders to move away from a perimeter-based defense to building resilient IT systems.
You already have some sort of third party security program in place - perhaps you've built a security questionnaire based on internal policies or an industry standard such as ISO or NIST. You may have even "right-sized" your questionnaire specifically for different types of supplier relationships and developed a few...
The National Institute of Standards and Technology has unveiled a pair of draft practice guidelines that offer updated advice and best practices on how to protect the confidentiality, integrity and availability of data in light of increasing threats from ransomware and other large-scale cyber events.
The NIST Cybersecurity Framework was never intended to be something you could "do." It's supposed to be something you can "use."
Download this guide and learn how you can:
Figure out the "as is" state for your organization;
Identify areas you are doing well and areas you need to focus your efforts;
With privacy laws becoming global and mainstream, the concept of "adequate security" is becoming a legal mandate across many verticals. The overlap between privacy and security calls for new ways for these two teams to collaborate, communicate more effectively, and use common tools.
Use this guide to learn the...