Tag Archives: NIST

The Financial Stability Board’s “Cyber Lexicon” – Global Jargon for a Global Mission

On November 12, the Financial Stability Board (FSB) published a Cyber Lexicon, designed to help financial institutions around the globe address “financial sector cyber resilience.” The Cyber Lexicon sets forth definitions for 54 “core terms related to cybersecurity and cyber resilience in the financial sector.” “Cyber Resilience,” one of the 54 definitions, is defined as … Continue Reading

Privacy Tip #162 – Cybersecurity Help for Small Businesses

Small businesses are targeted by hackers because they often do not have the resources to stay abreast of new schemes, or to protect against them with the latest technology or security solutions. Small businesses have historically struggled with data security, so any help is always welcome. Recognizing that small businesses struggle with data security, the … Continue Reading

Energy Sector: Hit Hard and Worried

One only needs to read the headlines to understand that critical infrastructure in the U.S., including the energy sector, is an obvious target for malicious actors. According to a new report by Marsh, entitled “Could Energy Industry Dynamics be Creating an Impending Cyber Storm?”, more than one in four respondents of a survey aimed at … Continue Reading

NIST Issues Energy Sector Asset Management Project

According to the National Institute of Standards and Technology (NIST), the energy sector relies on industrial control systems assets to “generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas.” These industrial control systems include supervisory control and data acquisition (SCADA) systems, distributed control systems, programmable logic controllers and … Continue Reading

NIST Issues Blockchain Technology Report to Help Businesses “Make Good Decisions” About Using Blockchain

On January 24, 2018, the National Institute of Standards and Technology (NIST) issued its “Draft NIST Interagency Report 8202 Blockchain Technology Overview” which it announced as NIST’s “Report on Blockchain Technology Aims to Go Beyond the Hype.” The press release announcing the issuance of the report starts by stating “Beguiling, baffling or both—that’s blockchain. Aiming to … Continue Reading

Do You Have “Security Fatigue”?

Every day it seems a new data security breach has occurred, a new “cyber hack” is in the news…making us run to our phones, computers, bank accounts, you name it, to see if we could be the “one” affected. As a result, more and more online transactions, websites, financial institutions, for work or personal, require … Continue Reading

Privacy Tip #110 – Resources for Small Businesses to Stay Informed about Cyber Threats

The Federal Trade Commission (FTC) has concentrated on small businesses this year with the launch of www.FTC.gov/SmallBusiness, which provides data security awareness information to small businesses. The site includes articles about data security, how to develop a data security plan, what happens when ransomware affects your business, what to do in response to a … Continue Reading

NIST Updates Digital Identity Guidelines for Federal Agencies

This month, the National Institute of Standards and Technology (NIST) announced in a Bulletin that it has updated its Digital Identity Guidelines, which “provides agencies with technical guidelines regarding the digital authentication of users to federal networked systems.” The Bulletin outlines the components of digital identity—identity proofing, authentication and federation for federal agencies to use … Continue Reading

NIST Publishes Updated Cybersecurity Guidance and Guidance on Passwords

The National Institute of Science and Technology (NIST) has long been a leading authority in Cybersecurity—even before Cybersecurity became a household name. It originally published its Cybersecurity Framework—intended not to be a standard, but to offer guidance—to all industries on how to begin to tackle data security. As cyber threats expand and become more sophisticated, … Continue Reading

Privacy Tip #102 – How to Educate Your Employees to Use Long, Easy to Remember Passwords

I feel like I have been writing about Passwords over and over and that’s because I have. Despite hearing about how important passwords are over and over again, compromised passwords continue to be an issue for organizations. Since the National Institute of Science and Technology (NIST) recently published new guidance and is recommending the use … Continue Reading

OCR Urges Covered Entities and Business Associates to Use HTTPS

New guidance from the Office for Civil Rights (OCR) urges covered entities and business associates to use Secure Hypertext Transport Protocol (HTTPS) to protect communications from vulnerabilities. According to OCR, the vulnerability can be introduced by the use of products that inspect HTTPS traffic. These products are used to detect malware or unsafe connections, which … Continue Reading

NIST Releases Update to Cybersecurity Framework

The National Institute of Standards and Technology (NIST) has issued an update to its Framework for Improving Critical Infrastructure Cybersecurity, which includes information relating to managing supply chain risks, measuring methodology and reducing cybersecurity risks to organizations. The new guidance includes feedback that NIST has received following the release of the Framework in 2012, as … Continue Reading

NIST Releases Guidance on Internet of Things

The National Institute of Standards and Technology (NIST) recently released guidance for the makers of devices that use or are connected to the Internet to build robust security measures into the design of products from the get-go. The Guidance—NIST Special Publication 800-160, is the culmination of four years of research, and focuses on the engineering … Continue Reading

New Cybersecurity Profile Issued for Maritime Industry on Transfer of Hazardous Liquids in Ports

The National Institute of Standards and Technology (NIST) has teamed up with the United States Coast Guard (USCG) and private industry to issue a new cybersecurity document that will assist the maritime industry in securing the transportation of hazardous liquids in ports around the United States. The document is in response to the recognition that the … Continue Reading

DOT Issues Proposed Cybersecurity Guidance for Auto Industry

On Monday, October 24, 2016, the Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) issued proposed cybersecurity guidance to the auto industry, including auto manufacturers and designers and manufacturers of vehicle systems and software, designed to assist the industry in developing best practices to safeguard vehicles’ systems against cyber-attacks and to protect the data … Continue Reading

Draft Cybersecurity Self-Assessment Tool Published

The National Institute of Standards and Technology (NIST) recently published a draft cybersecurity self-assessment tool entitled “The Baldrige Cybersecurity Excellence Builder,” which provides organizations with a tool to determine their security maturity level. According to the guide, it will assist organizations to: Determine cybersecurity-related activities that are important to business strategy and the delivery of … Continue Reading

NIST Extends Deadline for Comments to Mobile Device Infrastructure Guidance

All enterprises are struggling with the security risks posed by the use of mobile devices by employees. Companies want their employees to have easy access to information so that they can perform their job functions in an efficient and easy way, yet allowing easy access to company data through mobile devices is security professionals’ nightmare. … Continue Reading

The Cyber Regulation Drops

On September 13, 2016, Governor Andrew Cuomo announced the first proposed broadly applicable cyber regulation in the U.S. (the “Regulation”). The Regulation covers banks, insurance companies and other financial institutions (Covered Entities) regulated by the New York Department of Financial Services (the “DFS”). The Regulation is tightly focused, but with broad reach. It appears to … Continue Reading

NAIC Released Draft of Revised Insurance Data Security Model Law for Review

The National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive standards… for data security and investigation and notification of a data breach” for “any person or entity licensed, authorized to operate, or … Continue Reading

NIST Recommends against SMS as Second Authentication Factor

On July 29, Paul Grassi, the Senior Standards and Technology Advisor at the National Institute of Standards and Technology (NIST) posted an unusual blog regarding the new draft NIST Special Publication 800-63-3: Digital Authentication Guideline. The main issue that has created significant commentary by the press and businesses is NIST’s “deprecation” of using SMS (text messages) … Continue Reading