NIST 800-53 Rev. 5: What it Is, and Why You Should Care
Later this year, the National Institute for Standards and Technology (NIST) will release revision #5 to Special Publication SP 800-53 Security and Privacy Controls for Information Systems and Organizations, a key framework documenting recommended security controls for federal information systems. Soon, government agencies, contractors and FedRAMP certified vendors will be rushing to update their systems before the guidelines go into effect.
NIST 800-171: What it Is, and Why You Should Care
Since 2017, any federal contractor working in association with the Department of Defense (DoD) is required to comply with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 – Protecting Unclassified Information in Nonfederal Information Systems and Organizations. In this article, we’ll give you the rundown on this important regulation, and why compliance is essential for any federal partner.
How Regular Risk Assessment Prevents and Stabilizes Threats
Data breaches, foreign hackers and corporate espionage: today, it seems that phrases like these are on the tips of every tongue, and not without good reason.
What is ICS?
Through our years of experience within cyber security, Industrial Control Systems (ICS) are unique. There is a blend of old and new technologies. Critical infrastructure security comes in many sizes but only one principle is constant, high availability. Many clients within critical infrastructure and security is becoming more of a concern.
Always Expect the Worst: Anticipating Threats with Cyber Hunt
Once upon a time, security was about mitigating risks to an organization by following best practices and responding effectively to incidents when they arose. This compliance and risk-based mindset is no longer enough: the past several years have seen escalating breaches and organized cyber-crime, showing that safety is now the exception and not the rule. A threat-based mindset is the only solution.
A New Security Risk for ICS Controllers: Triton Malware Explained
Over the past few years, we’ve started to see malware specifically developed to target industrial control systems (ICS). Among the most notable of recent culprits are BlackEnergy, Industroyer and Triton. FireEye was the first security firm responding to the Triton incident, and recently published more information about the Triton Threat Actor TTP profile which we will review in this article.
Ransomeware ‘LockerGoga’ Disrupting Industrial Operations
It has recently been reported that a new breed of ransomeware is infecting industrial networks and forcing ICS organizations to switch from digital to manual operations. The malware ‘LockerGoga has, within the past few weeks, infiltrated Norweigan aluminum Manufacturer, Norsk Hydro. Because of this incident, the organization was forced to execute their business continuity and cyber security incident response plans.
Answering Risk Requests from Third-Party Partners with Standardized Documentation and Response
As CISOs become increasingly aware of the risks surrounding third-party relationships – and with a shift in focus towards supply chain risk management – there is mounting pressure from partners and clients to maintain a security posture centered on a mature information security program.
2018 will likely go down in history for the sheer scale of consumer data that was hacked, leaked, stolen and otherwise compromised by cyberattacks throughout the year. Estimates show that during the first six months alone, 4.5 billion records were exposed over 945 data breaches leading to mass identify theft and financial fraud.
One year away from the third decade of the 21st century and technology has finally caught up with science fiction. In 2019, we’re going to hear more news about driverless cars, revolutions in artificial intelligence and commercial applications for drones. One thing is for sure: it’s an exciting time to be alive.
A recent poll found that an overwhelming majority of Americans (92%) agree on one thing: the power grid needs better protection. This point of view is understandable. The day before New Year’s 2017, researchers discovered that foreign hackers had infiltrated an internal computer at Vermont utility Burlington Electric.
Securicon supports USCYBERCOM in planning, coordinating, integrating, synchronizing, and conducting the operations and defense of Department of Defense Information Networks (DODIN).