Risk Management December 21, 2022

Don’t Wait to Embrace CISA’s Vulnerability Management Rules

4 min read - Vulnerability management is the time-consuming process of finding and patching a seemingly unlimited number of potential risks. The National Institute of Standards and Technology (NIST) reports more than 23,000 new vulnerabilities for 2022, where more than 17,000 are classified as…

Zero Trust September 29, 2022

What CISOs Want to See From NIST’s Impending Zero Trust Guidelines

3 min read - Cybersecurity at U.S. federal agencies has been running behind the times for years. It took an executive order by President Joe Biden to kickstart a fix across the agencies. The government initiative also serves as a wake-up call to enterprises…

CISO August 8, 2022

Everything CISOs Need to Know About NIST

4 min read - It’s never been harder to be a chief information security officer (CISO). In 2021, there were 50% more attacks each week compared to 2020. Without a plan, maintaining a robust security posture is an uphill struggle.  Thankfully, the National Institute…

Risk Management July 28, 2022

NIST Supply Chain Security Guidelines: 10 Key Takeaways

3 min read - The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) recently published updated guidance for reducing cybersecurity risks in supply chains. Titled “Software Supply Chain Security Guidance,” the update is NIST’s response to directives issued by an executive…

Software Vulnerabilities November 9, 2021

A New Cybersecurity Executive Order Puts the Heat on Critical Infrastructure Suppliers

3 min read - Ransomware. Five years ago, the cybersecurity community knew that term well, although among others it was far from dinner table conversation. Times have changed. Since early 2020, ransomware has hit a slew of headlines. People inside and outside of the…

Zero Trust November 8, 2021

Zero Trust: What NIST’s Guidelines Mean for Your Resources

3 min read - In May, The White House released an executive order on improving the nation’s cybersecurity. The order came with various directives for Federal Civilian Executive Branch agencies. Among other efforts, the order focused on the federal government’s advance toward zero trust…

Government September 2, 2021

What Biden’s Cybersecurity Executive Order Means for Supply Chain Attacks

5 min read - With cybersecurity guidelines coming down from the executive branch, industry and policymakers clearly both see the extent of the cyberattack problem. Take a look at the contents of the Biden administration’s May executive order and what it means for people…

Fraud Protection July 30, 2021

5 Ways to Increase Password Safety

3 min read - You make password decisions every week. Maybe you create a new account, reset a password or respond to a password change prompt. And each time you make a seemingly small or insignificant mistake in regard to password safety, such as…

CISO May 27, 2021

Security by Design and NIST 800-160, Part 4: Technical Processes From ‘Go’ to Disposal

4 min read - Even if you are not an engineer, NIST 800-160 Volume 1 could help you in your work to understand security by design. It shows what you need to secure your information system. In the other blogs in this series, we’ve summarized…

Risk Management May 20, 2021

Security by Design and NIST 800-160, Part 3: Technical Processes

3 min read - Picking up where we left off on the security-by-design thinking offered by NIST 800-160 Volume 1, we move onward in Chapter 3, focusing on the technical management processes. Let’s look at some security design principles at the technical processes level.…