Every day it seems a new data security breach has occurred, a new “cyber hack” is in the news…making us run to our phones, computers, bank accounts, you name it, to see if we could be the “one” affected. As a result, more and more online transactions, websites, financial institutions, for work or personal, require longer and more complicated login user names and passwords. I can barely remember my name as it is….let alone the now at least 25 unique user names and passwords I have to keep in a notebook. I have security fatigue!
Continue Reading Do You Have “Security Fatigue”?
National Institute of Standards and Technology
NIST Updates Digital Identity Guidelines for Federal Agencies
By Linn Foster Freedman on
Posted in Cybersecurity
This month, the National Institute of Standards and Technology (NIST) announced in a Bulletin that it has updated its Digital Identity Guidelines, which “provides agencies with technical guidelines regarding the digital authentication of users to federal networked systems.”
The Bulletin outlines the components of digital identity—identity proofing, authentication and federation for federal agencies to use…
NIST Releases Update to Cybersecurity Framework
By Linn Foster Freedman on
Posted in Cybersecurity
The National Institute of Standards and Technology (NIST) has issued an update to its Framework for Improving Critical Infrastructure Cybersecurity, which includes information relating to managing supply chain risks, measuring methodology and reducing cybersecurity risks to organizations.
The new guidance includes feedback that NIST has received following the release of the Framework in 2012,…
NIST Releases Guidance on Internet of Things
By Linn Foster Freedman on
Posted in Cybersecurity
The National Institute of Standards and Technology (NIST) recently released guidance for the makers of devices that use or are connected to the Internet to build robust security measures into the design of products from the get-go.
The Guidance—NIST Special Publication 800-160, is the culmination of four years of research, and focuses on…
New Cybersecurity Profile Issued for Maritime Industry on Transfer of Hazardous Liquids in Ports
By Linn Foster Freedman on
Posted in Cybersecurity
The National Institute of Standards and Technology (NIST) has teamed up with the United States Coast Guard(USCG) and private industry to issue a new cybersecurity document that will assist the maritime industry in securing the transportation of hazardous liquids in ports around the United States.
The document is in response to the recognition that the…
NIST Releases Draft NICE Cybersecurity Workforce Framework
By Linn Foster Freedman on
Posted in Cybersecurity
We consistently comment about the importance of educating the next generation of students on cybersecurity. The earlier the better, as far as I am concerned-as early as the third grade. There is a dearth of cybersecurity talent in the U.S. and it is one of the fastest growing fields for job opportunities.
Because cybersecurity is…
DOT Issues Proposed Cybersecurity Guidance for Auto Industry
By Linn Foster Freedman on
Posted in Cybersecurity
On Monday, October 24, 2016, the Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) issued proposed cybersecurity guidance to the auto industry, including auto manufacturers and designers and manufacturers of vehicle systems and software, designed to assist the industry in developing best practices to safeguard vehicles’ systems against cyber-attacks and to protect the data…
Draft Cybersecurity Self-Assessment Tool Published
By Linn Foster Freedman on
Posted in Cybersecurity
The National Institute of Standards and Technology (NIST) recently published a draft cybersecurity self-assessment tool entitled “The Baldrige Cybersecurity Excellence Builder,” which provides organizations with a tool to determine its security maturity level.
According to the guide, it will assist organizations to:
- Determine cybersecurity-related activities that are important to business strategy and the delivery of
…
NIST Extends Deadline for Comments to Mobile Device Infrastructure Guidance
By Linn Foster Freedman on
Posted in Cybersecurity
All enterprises are struggling with the security risks posed by the use of mobile devices by employees. Companies want their employees to have easy access to information so that they can perform their job functions in an efficient and easy way, yet allowing easy access to company data through mobile devices are security professionals’ nightmare.…
New NIST Study Shows Risks of Security Fatigue
By Linn Foster Freedman on
Posted in Cybersecurity
The National Institute of Standards and Technology (NIST) recently published a new article that finds that most typical computer users experience security fatigue that leads users to engage in risky behavior when they are at work and at home.
In one interview, a participant said that when it comes to computer security “I don’t pay any attention to those things anymore…People get weary from being bombarded by ‘watch out for this or watch out for that.’”
The study confirms what we all feel daily. Instead of a handful of passwords, we are supposed to use a different password for every online application, and it’s nearly impossible to remember them all. Throughout the study, they “got this overwhelming feeling of weariness throughout all of the data.” They found that computer users feel overwhelmed, bombarded, and were exhausted from being on alert all of the time, trying to adopt safe behavior and understanding the complexities of data security.
Because users are so tired, they feel resigned and out of control, and therefore they avoid decisions, choose easy options, behave impulsively and fail to follow the rules. This is basic psychology.Continue Reading New NIST Study Shows Risks of Security Fatigue