ISACARuSec – Telegram
Channel of the information security track of the ISACA Moscow Chapter

The channel covers ISACA news, news on information security management in Russia and worldwide, and the exchange of best practices.

https://engage.isaca.org/moscow/home

Contact the administration
@popepiusXIII
061919 Wyden Sensitive Data Transmission Best Practices Letter to NIST.pdf
A US senator asks NIST to solve the problem of secure file exchange by email. Password-protected ZIPs are a threat!
Draft amendments to the Law "On Personal Data"

Minkomsvyaz plans to expand Roskomnadzor's authority to develop requirements and methods for anonymizing personal data.
https://regulation.gov.ru/projects#npa=92372
Idaho National Laboratory (INL) has published on GitHub the Structured Threat Intelligence Graph (STIG) tool, which is intended to help operators of critical infrastructure facilities easily visualize, share, create and edit cyber threat intelligence information.
…The ability to share threat intelligence is essential for protecting critical infrastructure like the electric power grid, water treatment facilities, oil refineries, and manufacturing plants from cyber exploits. Prior to the development of this software, threat information was too complex and cumbersome to share, limiting its application in operational environments. The new software standardizes the collection via Structured Threat Information eXpression (STIX) and converts complex data on cybersecurity vulnerabilities into a visualization that is easy to understand and act on. With STIG, utility owners and operators have a common system for sharing threat intelligence information, thus increasing the chances of detecting and mitigating cyber exploits before they lead to a cyberattack…

https://inl.gov/article/revolutionary-cybersecurity-tool-for-protecting-energy-systems-released-on-github/
NIST has released Open Security Controls Assessment Language (OSCAL), Version 1.0.0 - https://t.co/DZdNalLXUO It is a language and a set of ready-made models for assessing implemented security controls (so far FedRAMP and NIST SP800-53 are supported)
— Alexey Lukatsky (@alukatsky) June 21, 2019
Three days ago NASA published a very interesting document, "Cybersecurity Management and Oversight at the Jet Propulsion Laboratory". Most media outlets mentioned it as "#NASA was hacked using #RaspberryPi". Yes, this is true and you can find information about this incident in the document by "April 2018". But it's not even the most interesting part. There are many great and funny details about their CMDB-like system "Information Technology Security Database (ITSDB)", lack of network segmentation, unpatched vulnerabilities etc. And all this in ordinary, not very formal language. It seems like a good example of how Information Security should be and should NOT be managed in a big organization, and awesome weekend reading. 😊