Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
The International Society of Automation (ISA) выпустило книгу «Security PHA Review for Consequence-Based Cybersecurity» от Edward M. Marszal and Jim McGlone из компании Kenexis. Авторы рассказывают, как использовать результаты анализа опасностей process hazard analysis (PHA) для определения уязвимых к кибератакам сценариев и устранения проблем. Доступна электронная версия книги
https://www.isa.org/store/security-pha-review-for-consequence-based-cybersecurity/65832391
https://www.isa.org/store/security-pha-review-for-consequence-based-cybersecurity/65832391
Continuous Monitoring for IT Infrastructure | NCCoE
https://www.nccoe.nist.gov/projects/building-blocks/continuous-monitoring
https://www.nccoe.nist.gov/projects/building-blocks/continuous-monitoring
SP 800-205, Attribute Considerations for Access Control Systems | CSRC
https://csrc.nist.gov/publications/detail/sp/800-205/final
https://csrc.nist.gov/publications/detail/sp/800-205/final
CSRC | NIST
NIST Special Publication (SP) 800-205, Attribute Considerations for Access Control Systems
This document provides federal agencies with a guide for implementing attributes in access control systems. Attributes enable a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated…
Public Comments - Protecting CUI | CSRC
https://csrc.nist.gov/projects/protecting-cui/public-comments
https://csrc.nist.gov/projects/protecting-cui/public-comments
CSRC | NIST
Public Comments - Protecting CUI | CSRC
Comments Received on Draft SP 800-171B Below are comments received on Draft Special Publication 800-171B, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations – Enhanced Security Requirements for Critical Programs and High…
'Operational guidance for the EU's international cooperation on cyber capacity building: A playbook' https://t.co/jgujHo4oAs
https://t.co/lTHxyyJ2me
https://t.co/lTHxyyJ2me
op.europa.eu
Operational guidance for the EU's international cooperation on cyber capacity building : a playbook.
Details of the publication
061919_Wyden_Sensitive_Data_Transmission.pdf
1.5 MB
061919 Wyden Sensitive Data Transmission Best Practices Letter to NIST.pdf
Сенатор США просит NIST решить проблему с безопасным фаловым обменом по почте. Запароленные зипы -угроза!
Forwarded from Листок бюрократической защиты информации
Проект изменений в Закон «О персональных данных»
Минкомсвязи планирует расширить полномочия Роскомнадзора по выработке требований и методов по обезличиванию персональных данных.
https://regulation.gov.ru/projects#npa=92372
Минкомсвязи планирует расширить полномочия Роскомнадзора по выработке требований и методов по обезличиванию персональных данных.
https://regulation.gov.ru/projects#npa=92372
Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
Idaho National Laboratory (INL) выложила в публичный доступ на GitHub, инструмент Structured Threat Intelligence Graph (STIG), который призван помочь операторам предприятий критической инфраструктуры легко визуализировать, делиться, создавать и редактировать cyberthreat intelligence информацию
…The ability to share threat intelligence is essential for protecting critical infrastructure like the electric power grid, water treatment facilities, oil refineries, and manufacturing plants from cyber exploits. Prior to the development of this software, threat information was too complex and cumbersome to share, limiting its application in operational environments. The new software standardizes the collection via Structured Threat Information eXpression (STIX) and converts complex data on cybersecurity vulnerabilities into a visualization that is easy to understand and act on. With STIG, utility owners and operators have a common system for sharing threat intelligence information, thus increasing the chances of detecting and mitigating cyber exploits before they lead to a cyberattack…
https://inl.gov/article/revolutionary-cybersecurity-tool-for-protecting-energy-systems-released-on-github/
…The ability to share threat intelligence is essential for protecting critical infrastructure like the electric power grid, water treatment facilities, oil refineries, and manufacturing plants from cyber exploits. Prior to the development of this software, threat information was too complex and cumbersome to share, limiting its application in operational environments. The new software standardizes the collection via Structured Threat Information eXpression (STIX) and converts complex data on cybersecurity vulnerabilities into a visualization that is easy to understand and act on. With STIG, utility owners and operators have a common system for sharing threat intelligence information, thus increasing the chances of detecting and mitigating cyber exploits before they lead to a cyberattack…
https://inl.gov/article/revolutionary-cybersecurity-tool-for-protecting-energy-systems-released-on-github/