Monday, November 26 2018

26Nov2018

NIST DRAFT- (SP) 1800-19 Volume B, Trusted Cloud: Security Practice Guide for VMWare Hybrid Cloud Infrastructure as a Service (IaaS) Environments

NIST has released a preliminary draft of NIST Special Publication (SP) 1800-19 Volume B, Trusted Cloud: Security Practice Guide for VMWare Hybrid Cloud Infrastructure as a Service (IaaS) Environments (Approach, Architecture, and Security Characteristics). This preliminary draft is stable but has some gaps in its content that will be addressed in the next draft. [A draft of Volume A, Executive Summary, was released in August 2018.] The initial comment period for Volume B will close on January 11, 2019.

Continue reading...

no comments no trackbacks

NIST

Friday, November 9 2018

09Nov2018

Penetration Testing: What is it?

This blog will discuss the meaning of Penetration Testing. A requirement that applies to all systems categorized as HIGH within the U.S. Government Sector and all 3rd Party Service Cloud Providers systems categorized as MOD and HIGH who must comply with FedRAMP. It addresses the requirements noted under NIST's 800-53 Control CA-8. See https://nvd.nist.gov/800-53/Rev4/control/CA-8

Continue reading...

no comments no trackbacks

Offensive Security

09Nov2018

DRAFT- NIST Internal Report (NISTIR) 8219: “Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection”

This publication provides an example on how manufacturing companies can improve security of it's Industrial Control Systems (ICS) through behavioral anomaly detection mechanisms that may be tied to a cyber attack. It includes incorporates standards, commercially available technologies and industry best practices.

The public comment period is open until December 6, 2018. See the links within for instructions on submitting comments.

Continue reading...

no comments no trackbacks

NIST

09Nov2018

Small Businesses and Cyber Security

This blog provides an overview on the importance of cyber security and small businesses. It's meant to make you pounder and determine if as a Small Business owner you should be concern.

Continue reading...

no comments no trackbacks

Cybersecurity

Friday, October 26 2018

26Oct2018

Rationale for Lack of Women on the Engineering Sector tied to Risk Management, Cybersecurity, and STEM fields

This blog provides an overview of why there's a lack of women entering the field and how we can improve the odds by integrating early childhood activities that increase the key component required to succeed in the Engineering fields: spatial cognitive skills.

Continue reading...

no comments no trackbacks

Women In CyberSec

Tuesday, October 16 2018

16Oct2018

Women in CyberSecurity

This blog provides an overview of women in Cybersecurity and some of the misconceptions surrounding the claim. In addition, it will address deficiencies and recommendations on how to improved the number of girls in the field by incorporating early childhood activities that would increase the key component required for Engineering: Spatial Cognitive Skills.

Continue reading...

no comments no trackbacks

Women In CyberSec

Tuesday, October 9 2018

09Oct2018

The Importance of Patching Systems for Security Vulnerabilities

This blog provides an overview on the importance that patching has when it comes to limiting Cyber Attacks as part of the Defensive Component, a component that falls under the Cybersecurity Framework tied to the Risk Management Framework.

Continue reading...

no comments no trackbacks

Defensive Security

09Oct2018

The importance of Defense in-depth and the Open System Interconnection (OSI) Layers

This blog provides a general overview on the importance of defense in-depth and how it is tied to the OSI Layers.

Continue reading...

no comments no trackbacks

Defense In-depth

Thursday, October 4 2018

04Oct2018

CSA: Top Threats to Cloud Computing: Deep Dive

Case study that attempts to connect the dots when it comes to risk management and cloud computing by providing a more technical detail dealing with architecture, compliance, risk and mitigation for each of the cloud computing threats and vulnerabilities identified.

Continue reading...

no comments no trackbacks

CSA

04Oct2018

ENISA launches the Cybersecurity Strategies Evaluation Tool

This tool will help European Member states evaluate their strategic priorities and objectives related to National Cyber Security Strategies.

Continue reading...

no comments no trackbacks

ENISA

04Oct2018

ENISA- Towards secure convergence of Cloud and IoT

ENISA published a short paper aiming to identify and tackle the security challenges that the IoT ecosystem brings to Cloud and vice-versa.

Continue reading...

no comments no trackbacks

ENISA

04Oct2018

NISTIR 8202: Blockchain Technology Overview- FINAL

A technical publication that examines the history, scope, and characteristics of this emerging technology which has enabled the development of numerous cryptocurrency systems.

Continue reading...

no comments no trackbacks

NIST

Wednesday, October 3 2018

03Oct2018

Importance of incorporating security within the System Development Life Cycle (SDLC)

This blog provides an overview on the importance of integrating security across the System's Development Life Cycle (SDLC) when developing or integrating new applications.

Continue reading...

no comments no trackbacks

SDLC

03Oct2018

NIST SP 800-37 Rev.2: RMF for Information Systems and Organizations- FINAL DRAFT Open for Comments

This publication provides guidelines for applying the Risk Management Framework (RMF) to information systems and organizations. The RMF provides a disciplined, structured, and flexible process for managing security and privacy risk that includes information system categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.

Continue reading...

no comments no trackbacks

NIST

Sunday, September 16 2018

16Sep2018

NIST Risk Management - Broken into Components

This blog breaks down the NIST Risk Management Framework into five (5) unique components and explains how each must work together in order to successfully limit risk across the Enterprise.

Continue reading...

no comments no trackbacks

RMF

Tuesday, September 4 2018

04Sep2018

FedRAMP- Cloud Computing Molding Deficiencies

This blog provides an overview of how the FedRAMP process fails to mold the Cloud Assessments in accordance with NIST's guidance.

Continue reading...

no comments no trackbacks

Cloud Standards

Monday, September 3 2018

03Sep2018

FedRAMP - RMF Deficiencies

This blog provides an overview on the RMF deficiencies impacting FedRAMP's approach.

Continue reading...

no comments no trackbacks

Cloud Standards

Sunday, September 2 2018

02Sep2018

Federal Risk and Authorization Management Program (FedRAMP)

This blog provides a general overview of FedRAMP.

Continue reading...

no comments no trackbacks

Cloud Standards

Saturday, September 1 2018

01Sep2018

Indepth Analysis of NIST's CyberSecurity Framework

In this blog, I opted to look dipper into the Cybersecurity Framework and provide input on the underlying message not visible to the naked eye, those exposing key details of the framework that clearly denote the importance of an Enterprise Level Risk Management Framework.

Continue reading...

no comments no trackbacks

Cybersecurity

Tuesday, August 28 2018

28Aug2018

Hybrid Cloud Deployment

This blog provides an overview of the Hybrid Cloud Deployment option.

Continue reading...

no comments no trackbacks

Cloud Deployments

- page 1 of 2