Thursday, December 20 2018

UPDATED- NIST 800-37 Rev.2: Risk Management Framework for Information Systems and Organizations

NIST just released the FINAL NIST 800-37 Framework, and it clearly delineates what we have been promoting for the past few years: the "Big Picture", the importance of an Enterprise Level Risk Management Framework, and how the Cybersecurity Framework is integrated within it. In this blog, we will delineate the key areas that focus on what we have been saying across our site, blog, and YouTube channel.

Monday, November 26 2018

NIST DRAFT- (SP) 1800-19 Volume B, Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments

NIST has released a preliminary draft of NIST Special Publication (SP) 1800-19 Volume B, Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments (Approach, Architecture, and Security Characteristics). This preliminary draft is stable but has some gaps in its content that will be addressed in the next draft. [A draft of Volume A, Executive Summary, was released in August 2018.] The initial comment period for Volume B will close on January 11, 2019.

Friday, November 9 2018

Penetration Testing: What is it?

This blog will discuss the meaning of Penetration Testing, a requirement that applies to all systems categorized as HIGH within the U.S. Government Sector and to all third-party Cloud Service Provider systems categorized as MOD and HIGH that must comply with FedRAMP. It addresses the requirements noted under NIST 800-53 Control CA-8. See

DRAFT- NIST Internal Report (NISTIR) 8219: “Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection”

This publication provides an example of how manufacturing companies can improve the security of their Industrial Control Systems (ICS) through behavioral anomaly detection mechanisms, which flag behavior that may be tied to a cyber attack. It incorporates standards, commercially available technologies, and industry best practices.

The public comment period is open until December 6, 2018. See the links within for instructions on submitting comments.

Small Businesses and Cyber Security

This blog provides an overview of the importance of cyber security for small businesses. It is meant to make you ponder and determine whether, as a Small Business owner, you should be concerned.

Friday, October 26 2018

Rationale for the Lack of Women in the Engineering Sector tied to Risk Management, Cybersecurity, and STEM fields

This blog provides an overview of why there is a lack of women entering the field and how we can improve the odds by integrating early childhood activities that build the key component required to succeed in the Engineering fields: spatial cognitive skills.

Tuesday, October 16 2018

Women in CyberSecurity

This blog provides an overview of women in Cybersecurity and some of the misconceptions surrounding the claim. In addition, it addresses deficiencies and recommendations on how to improve the number of girls in the field by incorporating early childhood activities that would build the key component required for Engineering: Spatial Cognitive Skills.

Tuesday, October 9 2018

The Importance of Patching Systems for Security Vulnerabilities

This blog provides an overview of the importance of patching in limiting cyber attacks as part of the Defensive Component, a component that falls under the Cybersecurity Framework tied to the Risk Management Framework.

The importance of Defense in Depth and the Open Systems Interconnection (OSI) Layers

This blog provides a general overview of the importance of defense in depth and how it is tied to the OSI Layers.

Thursday, October 4 2018

CSA: Top Threats to Cloud Computing: Deep Dive

A case study that attempts to connect the dots between risk management and cloud computing by providing more technical detail on architecture, compliance, risk, and mitigation for each of the cloud computing threats and vulnerabilities identified.

ENISA launches the Cybersecurity Strategies Evaluation Tool

This tool will help European Member States evaluate their strategic priorities and objectives related to National Cyber Security Strategies.

ENISA- Towards secure convergence of Cloud and IoT

ENISA published a short paper aiming to identify and tackle the security challenges that the IoT ecosystem brings to the Cloud, and vice versa.

NISTIR 8202: Blockchain Technology Overview- FINAL

A technical publication that examines the history, scope, and characteristics of this emerging technology, which has enabled the development of numerous cryptocurrency systems.

Wednesday, October 3 2018

Importance of incorporating security within the System Development Life Cycle (SDLC)

This blog provides an overview of the importance of integrating security across the System Development Life Cycle (SDLC) when developing or integrating new applications.

NIST SP 800-37 Rev.2: RMF for Information Systems and Organizations- FINAL DRAFT Open for Comments

This publication provides guidelines for applying the Risk Management Framework (RMF) to information systems and organizations. The RMF provides a disciplined, structured, and flexible process for managing security and privacy risk that includes information system categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.

Sunday, September 16 2018

NIST Risk Management - Broken into Components

This blog breaks down the NIST Risk Management Framework into five (5) distinct components and explains how they must work together in order to successfully limit risk across the Enterprise.

Tuesday, September 4 2018

FedRAMP- Cloud Computing Molding Deficiencies

This blog provides an overview of how the FedRAMP process fails to mold Cloud Assessments in accordance with NIST's guidance.

Monday, September 3 2018

FedRAMP - RMF Deficiencies

This blog provides an overview of the RMF deficiencies affecting FedRAMP's approach.

Sunday, September 2 2018

Federal Risk and Authorization Management Program (FedRAMP)

This blog provides a general overview of FedRAMP.

Saturday, September 1 2018

In-depth Analysis of NIST's CyberSecurity Framework

In this blog, I opted to look deeper into the Cybersecurity Framework and provide input on the underlying message not visible to the naked eye: the key details of the framework that clearly denote the importance of an Enterprise Level Risk Management Framework.
