NIST Releases New Version of the Cybersecurity Framework and Calls on "All CEOs" to Consider Adoption

The National Institute of Standards and Technology just released v1.1 of the Framework for Improving Critical Infrastructure Cybersecurity. The Cybersecurity Framework, or "NIST CSF" or "Framework" as it's called, is a set of cybersecurity best practices and guidelines for critical infrastructure organizations, but its popularity has skyrocketed across all sectors, even outside of energy, telecom, and others. U.S. Secretary of Commerce Wilbur Ross noted that "The voluntary NIST Cybersecurity Framework should be every company's first line of defense. Adopting version 1.1 is a must do for all CEOs."

Combating Cyber Threats in Critical Infrastructure Through Due Diligence

Imagine a major city in the United States without power. Transportation systems would fail, and businesses would have to shut down. Large segments of the population would panic. Considering the important role these sectors have in our country’s economy and way of life, the stakes are high. No one can deny the importance of critical infrastructure cybersecurity. Even more due diligence is required when building a cybersecurity program in key, critical infrastructure sectors.

Swinging Compliance Spreadsheets? Four Tips For Your Next Cybersecurity Assessment

Cybersecurity compliance regulations were created to make sure that organizations effectively implement cybersecurity best practices. Frameworks and standards such as HIPAA, 23 NYCRR 500, PCI-DSS, GDPR, NIST and others were created to improve the security of the systems and processes related to transactions and other activities in an enterprise that concern sensitive data. It's time to come out of the dark ages. Agility, automation, and efficiency are the name of the game for modern assessors and compliance teams. Here's how to leverage your team, your data, and your reporting to make your next cyber assessment your best.

Cyber Compliance for the Financial Sector: An Overview

Governance, risk, and compliance frameworks created by industry experts, such as FFIEC, PCI DSS, ISO, GLBA, ISACA, 23 NYCRR part 500 and others, were all created to build cyber strength. Compliance frameworks specific to the financial sector and others, however, don't give visibility into your cyber posture with the depth and breadth required to run a truly sophisticated program. This is why many firms are rapidly adopting the NIST CSF. Wondering how to handle all these financial sector regulations and adopt NIST best practices? Here's an overview of how to achieve just that.

Achieve The Prioritized Approach to PCI DSS Compliance

PCI DSS compliance is not new for organizations that have been in the business of dealing with credit card data. From multi-factor authentication to reporting for service providers, there's something for everyone to comply with and monitor. Especially for big brands or upcoming businesses with lots of momentum, becoming the next star of another Target credit card scandal isn't something on anyone's wishlist. The fear of being the next big scandal is one reason why PCI compliance is so important, and why you and your team should take it seriously.

New York's Financial Legislation 23 NYCRR 500: What You Need to Know

What is New York 23 NYCRR part 500 compliance, and how do financial institutions approach cyber compliance? Financial industry cyber compliance can be a daunting lift, especially for those who haven't started to remediate. Even among those who have secured compliance, most aren't sure how to continuously prove compliance without taking time, effort, and resources away from existing projects. Here's an overview of the 23 NYCRR 500 compliance requirements and what they mean for your organization.

DFARS Compliance: Some Key Requirements in Detail

We've seen the Department of Defense DFARS regulation (DFARS 252.204-7012) in action, and we now know that DFARS compliance has no limit on who it can affect. From R&D to biotech to manufacturing, it's clear that if you fall under the mandate, you need to get ahead of the NIST 800-171 requirements sooner rather than later. From incident reporting to audit and accountability, here are some key requirements you should be aware of.

Battling the Risks of Healthcare Cyber Attacks

The recent CynergisTek report showed that these healthcare entities ranked highest in response and recovery in the Core Elements of the NIST Cybersecurity Framework. Aside from more standard healthcare IT compliance frameworks such as HIPAA and HITRUST, the NIST CSF is voluntary and has brought more visibility to assessing baseline cyber strength than ever before. Read on for more information on where healthcare industry cyber is headed.

NIST 800-30: Five Rules for Effective Cyber Risk Management

Many regulations across industries require or promote risk assessments. The ultimate goal? To better manage IT-related risks, which inevitably cover the entire organization, vendors, applications and customer base in many cases. It's no surprise that having this knowledge permeate your organization leads to effective cyber risk management. Here are some top tips to implement an adaptive, simple, and actionable enterprise-wide risk assessment.

IAPP The Privacy Advisor: How NIST Security Controls Might Help You Get Ready for the GDPR

In order to get ready for the General Data Protection Regulation, companies need to thoroughly review and exercise due diligence of their existing security measures and information security frameworks. Considering that the GDPR is meant to be technology neutral, it provides very little guidance on these topics. While it aims to bring privacy from theory into practice, the onus to achieve it is on the controllers and processors of personal data - from IAPP's blog, The Privacy Advisor

Press Release: CyberSaint® Security Releases CyberStrong™ Enterprise Platform

BOSTON, MASSACHUSETTS, UNITED STATES, March 8, 2018 /EINPresswire.com/ -- CyberSaint Security, Inc. today announced the availability of its new CyberStrong™ Enterprise Platform, which harnesses artificial intelligence to automate compliance and risk management. The new platform also enables organizations to implement bespoke and hybrid frameworks needed by many organizations to securely move to digitization, IoT and industrial internet applications. The Enterprise Platform includes an integrated NIST SP 800-30 risk management framework, making it ideal for commercial enterprises as well as FEDRAMP and DIARMF programs. 
