Mitigating IoT-Based DDoS | NCCoE
https://www.nccoe.nist.gov/projects/building-blocks/mitigating-iot-based-ddos
www.nccoe.nist.gov
The demand for internet-connected “smart” home and small business devices is growing rapidly, but so too are concerns regarding the potential compromise of these devices. The term IoT is often applied to the aggregate of single-purpose, internet-connected…
House approves bill to secure internet-connected federal devices against cyber threats | TheHill
https://thehill.com/policy/cybersecurity/516373-house-approves-bill-to-secure-internet-connected-federal-devices-against
TheHill
House approves bill to secure internet-connected federal devices against cyber threats
The House on Monday passed legislation to improve the security of federal internet-connected devices, with the bill garnering bipartisan support.
UK NCSC releases the Vulnerability Disclosure Toolkit | Security Affairs
https://securityaffairs.co/wordpress/108308/laws-and-regulations/vulnerability-disclosure-toolkit.html
Security Affairs
UK NCSC releases the Vulnerability Disclosure Toolkit
The British National Cyber Security Centre (NCSC) released a guideline for the implementation of a vulnerability disclosure process.
Gartner Top Security Projects for 2020-2021
https://www.gartner.com/smarterwithgartner/gartner-top-security-projects-for-2020-2021/
Gartner
Gartner Top 10 Security Projects for 2020-2021
Gartner analyst Brian Reed shares the top 10 #security projects for 2020-2021. Read more. #GartnerSEC #CISO @Gartner_IT
Gartner Security & Risk Management Summit, Day 1 Highlights
https://www.gartner.com/en/newsroom/press-releases/2020-09-14-gartner-security---risk-management-summit--day-1-high
Gartner
Read the highlights from Day 1 at the Gartner Security & Risk Management Summit. #GartnerSEC #CISO #CyberSecurity #Security
The Phish Scale: NIST’s New Tool Helps IT Staff See Why Users Click on Fraudulent Emails | NIST
https://www.nist.gov/news-events/news/2020/09/phish-scale-nists-new-tool-helps-it-staff-see-why-users-click-fraudulent
NIST
The Phish Scale: NIST-Developed Method Helps IT Staff See Why Users Click on Fraudulent Emails
Researchers at the National Institute of Standards and Technology (NIST) have developed a new method called the Phish Scale that could help organizations bet
Forwarded from Листок бюрократической защиты информации
💰Increase in fines for disclosing restricted-access information
A bill "On Amendments to the Code of Administrative Offences of the Russian Federation" has been submitted to the State Duma; it provides for an increase in the fines for disclosing restricted-access information (Art. 13.14 of the Code of Administrative Offences):
- for citizens, up to 5000-10000 rubles (currently 500-1000 rubles);
- for officials, up to 40000 - 50000 rubles (currently 4000-5000 rubles).
Forwarded from Alexander Popov
Good afternoon.
The videos from Linux Security Summit North America 2020 have been posted
https://m.youtube.com/playlist?list=PLbzoR-pLrL6rph1P4IRTbLweZXE9SnHU6
The following 3 NIST Cybersecurity events have been rescheduled.
(1) Virtual Workshop on Challenges with Compliance, Operations, and Security with Encrypted Protocols, in Particular TLS 1.3
(This workshop was rescheduled from August 13.)
NEW DATE: FRIDAY, SEPTEMBER 25 (12:00pm to 3:30pm EDT)
For workshop details, agenda and registration information, go to:
https://www.nccoe.nist.gov/events/rescheduled-virtual-workshop-challenges-compliance-operations-and-security-encrypted
(2) Virtual Workshop on the Automation of the NIST Cryptographic Module Validation Program (CMVP)
(This workshop was rescheduled from September 1.)
NEW DATE: MONDAY, OCTOBER 5 (11:00am to 2:45pm EDT)
For workshop details, agenda and registration information, go to:
https://www.nccoe.nist.gov/events/rescheduled-virtual-workshop-automation-nist-cryptographic-module-validation-program-cmvp
(3) Virtual Workshop on Considerations in Migrating to Post-Quantum Cryptographic Algorithms
(This workshop was rescheduled from August 24.)
NEW DATE: WEDNESDAY, OCTOBER 7 (11:00am to 2:45pm EDT)
For workshop details, agenda and registration information, go to:
https://www.nccoe.nist.gov/events/rescheduled-virtual-workshop-considerations-migrating-post-quantum-cryptographic-algorithms
www.nccoe.nist.gov
RESCHEDULED: Virtual Workshop on Challenges with Compliance, Operations, and Security with Encrypted Protocols, in Particular TLS…
This workshop was rescheduled from August 13. The National Institute of Standards and Technology (NIST) will host a virtual workshop to discuss compliance, operations, and security challenges with the modern encrypted protocols on Friday, September 25, 2020…
Cyber losses are increasing in frequency and severity - Help Net Security
https://www.helpnetsecurity.com/2020/09/14/cyber-losses-are-increasing-in-frequency-and-severity/
Help Net Security
The adoption of technology across all sectors has created new opportunities for cybercriminals, and cyber losses are increasing.
CISO Conversations: Intel, Cisco Security Chiefs Discuss the Making of a Great CISO – CISO Forum | 2020
https://www.cisoforum.com/ciso-conversations-intel-cisco-security-chiefs-discuss-the-making-of-a-great-ciso/
Cisoforum
CISO Conversations: Intel, Cisco Security Chiefs Discuss the Making of a Great CISO
CISOs from Intel and Cisco paint a picture of the major threats to expect over the next few years, and best practices on how to handle them.
New international standardization projects
Draft international standard ISO/IEC WD 27557 "Organizational management of risk related to privacy (personal data)"
ISO/IEC 27558 "Information security, cybersecurity and privacy protection – Requirements for bodies providing audit and certification of personal data management systems according to ISO/IEC 27701 in combination with ISO/IEC 27001"
ISO/IEC WD 27559 "Framework for data de-identification that enhances privacy protection"
http://rusrim.blogspot.com/2020/09/blog-post_19.html?m=1
Blogspot
After a summer lull that coincided with the coronavirus outbreak, the past month has again seen a pickup in international efforts in the field of standar...
What are the most vulnerable departments and sectors to phishing attacks? - Help Net Security
https://www.helpnetsecurity.com/2020/09/16/vulnerable-departments-sectors-phishing-attacks/
Help Net Security
The latest trends and cybersecurity statistics from Keepnet Labs reveal the most vulnerable sectors for phishing and data attacks.
Phishing awareness training wears off after a few months | ZDNet
https://www.zdnet.com/article/phishing-awareness-training-wears-off-after-a-few-months/
ZDNet
Phishing awareness training wears off after a few months
Retraining employees after six months is recommended.