Security by Design and NIST 800-160, Part 4: Technical Processes From ‘Go’ to Disposal

Even if you are not an engineer, NIST 800-160 Volume 1 could help you in your work to understand security by design. It shows what you need to secure your information system. In the other blogs in this series, we’ve summarized the major points of the document. In the final installment, we’ll take a look at …

The OSI Model and You Part 1: Stopping Threats on the OSI Physical Layer

The Open Systems Interconnection (OSI) model is one of the many useful tools we can use to stop cybersecurity threats. This long-standing standard separates a network into seven layers, offering suggestions for protecting each of them. In this blog series, we’ll examine the layers one by one to understand this model. Each piece follows the same …

Security by Design and NIST 800-160, Part 2: Life Cycle Processes

NIST 800-160 Volume 1 features many guidelines of interest to cybersecurity experts looking to boost their defenses through security by design. As we saw in the first post in this series, the key principles of this document provide a good footing for security. Next, let’s take a look at how the security design principles laid …

Health Care Data: It’s Your Personal ‘National Security’ Information

If you wanted to put all the pieces of a person’s profile together, health care data would likely be the most important piece of the personally identifiable information (PII) puzzle. It’s powerful. A heartbeat can open a door. This data is the most important type related to a person, the crown jewel of PII data …

Security by Design and NIST 800-160, Part 1: Managing Change

Building a house requires a blueprint. When it comes to building systems, National Institute of Standards and Technology’s (NIST) documents about security by design are some of the most reliable blueprints. As systems become more complex, they’re also more likely to be fragile. Meanwhile, we continue to add new devices, apps and tools into our …

Social Engineering: Watch Out for These Threats Against Cybersecurity Experts

Many of us remember our parents saying not to take candy from strangers. Today, we can apply a similar mindset to avoid social engineering. Social engineering is the threat that keeps on coming back. Threat actors are learning to use even cybersecurity researchers’ best intentions against them. Let’s take a look at tactics threat actors …

Self-Assessment: How Can You Improve Financial Services Cybersecurity?

It’s common knowledge that threat actors target banks. Not only might these attackers want to directly steal money, by doing this they’re also hitting the customers and the trust in the bank. If a financial institution suffers a loss, even insurance can only go so far to minimize the actual cost to the organization. The cost …

Ransomware Attacks in 2021: Information Meets Emotion

“If you want to go quickly, go alone, but if you want to go far, go together.” This African proverb opens the Sophos 2021 Threat Report, and in view of recent cybersecurity events, its meaning is very important when it comes to defending against ransomware attacks. As threat actors work together to provide ransomware-as-a-service, defenders …

Does a Strong Privacy Program Make for a Stronger Security Program?

There is a saying in sociopolitical circles: “politics is downstream from culture.” Using that same line of thinking poses a question: Is information security downstream from data privacy? In order to tell the difference between security and privacy and how they feed into each other to achieve both, we’ll look at the leading regulation: the National Institute of …