The following 3 NIST Cybersecurity events have been rescheduled.
(1) Virtual Workshop on Challenges with Compliance, Operations, and Security with Encrypted Protocols, in Particular TLS 1.3
(This workshop was rescheduled from August 13.)
NEW DATE: FRIDAY, SEPTEMBER 25 (12:00pm to 3:30pm EDT)
For workshop details, agenda and registration information, go to:
https://www.nccoe.nist.gov/events/rescheduled-virtual-workshop-challenges-compliance-operations-and-security-encrypted
(2) Virtual Workshop on the Automation of the NIST Cryptographic Module Validation Program (CMVP)
(This workshop was rescheduled from September 1.)
NEW DATE: MONDAY, OCTOBER 5 (11:00am to 2:45pm EDT)
For workshop details, agenda and registration information, go to:
https://www.nccoe.nist.gov/events/rescheduled-virtual-workshop-automation-nist-cryptographic-module-validation-program-cmvp
(3) Virtual Workshop on Considerations in Migrating to Post-Quantum Cryptographic Algorithms
(This workshop was rescheduled from August 24.)
NEW DATE: WEDNESDAY, OCTOBER 7 (11:00am to 2:45pm EDT)
For workshop details, agenda and registration information, go to:
https://www.nccoe.nist.gov/events/rescheduled-virtual-workshop-considerations-migrating-post-quantum-cryptographic-algorithms
(1) Virtual Workshop on Challenges with Compliance, Operations, and Security with Encrypted Protocols, in Particular TLS 1.3
(This workshop was rescheduled from August 13.)
NEW DATE: FRIDAY, SEPTEMBER 25 (12:00pm to 3:30pm EDT)
For workshop details, agenda and registration information, go to:
https://www.nccoe.nist.gov/events/rescheduled-virtual-workshop-challenges-compliance-operations-and-security-encrypted
(2) Virtual Workshop on the Automation of the NIST Cryptographic Module Validation Program (CMVP)
(This workshop was rescheduled from September 1.)
NEW DATE: MONDAY, OCTOBER 5 (11:00am to 2:45pm EDT)
For workshop details, agenda and registration information, go to:
https://www.nccoe.nist.gov/events/rescheduled-virtual-workshop-automation-nist-cryptographic-module-validation-program-cmvp
(3) Virtual Workshop on Considerations in Migrating to Post-Quantum Cryptographic Algorithms
(This workshop was rescheduled from August 24.)
NEW DATE: WEDNESDAY, OCTOBER 7 (11:00am to 2:45pm EDT)
For workshop details, agenda and registration information, go to:
https://www.nccoe.nist.gov/events/rescheduled-virtual-workshop-considerations-migrating-post-quantum-cryptographic-algorithms
www.nccoe.nist.gov
RESCHEDULED: Virtual Workshop on Challenges with Compliance, Operations, and Security with Encrypted Protocols, in Particular TLS…
This workshop was rescheduled from August 13. The National Institute of Standards and Technology (NIST) will host a virtual workshop to discuss compliance, operations, and security challenges with the modern encrypted protocols on Friday, September 25, 2020…
Cyber losses are increasing in frequency and severity - Help Net Security
https://www.helpnetsecurity.com/2020/09/14/cyber-losses-are-increasing-in-frequency-and-severity/
https://www.helpnetsecurity.com/2020/09/14/cyber-losses-are-increasing-in-frequency-and-severity/
Help Net Security
Cyber losses are increasing in frequency and severity - Help Net Security
The adoption of technology across all sectors has created new opportunities for cybercriminals, and cyber losses are increasing.
CISO Conversations: Intel, Cisco Security Chiefs Discuss the Making of a Great CISO – CISO Forum | 2020
https://www.cisoforum.com/ciso-conversations-intel-cisco-security-chiefs-discuss-the-making-of-a-great-ciso/
https://www.cisoforum.com/ciso-conversations-intel-cisco-security-chiefs-discuss-the-making-of-a-great-ciso/
Cisoforum
CISO Conversations: Intel, Cisco Security Chiefs Discuss the Making of a Great CISO
CISOs from Intel and Cisco paint a picture of the major threats to expect over the next few years, and best practices on how to handle them.
Новые проекты международной стандартизации
Проект международного стандарта ISO/IEC WD 27557 «Менеджмент в организации риска, связанного с неприкосновенностью частной жизни (персональными данными)»
ISO/IEC 27558 «Информационная безопасность, кибербезопасность и защита неприкосновенности частной жизни – Требования к органам, проводящим аудит и сертификацию систем менеджмента персональных данных в соответствии с ISO/IEC 27701 в сочетании с ISO/IEC 27001»
ISO/IEC WD 27559 «Концепция обезличивания данных, способствующего усилению защиты неприкосновенности частной жизни»
http://rusrim.blogspot.com/2020/09/blog-post_19.html?m=1
Проект международного стандарта ISO/IEC WD 27557 «Менеджмент в организации риска, связанного с неприкосновенностью частной жизни (персональными данными)»
ISO/IEC 27558 «Информационная безопасность, кибербезопасность и защита неприкосновенности частной жизни – Требования к органам, проводящим аудит и сертификацию систем менеджмента персональных данных в соответствии с ISO/IEC 27701 в сочетании с ISO/IEC 27001»
ISO/IEC WD 27559 «Концепция обезличивания данных, способствующего усилению защиты неприкосновенности частной жизни»
http://rusrim.blogspot.com/2020/09/blog-post_19.html?m=1
Blogspot
Новые проекты международной стандартизации
После совпавшего со вспышкой коронавируса летнего затишья, в последний месяц снова активизировались международные усилия в области стандар...
What are the most vulnerable departments and sectors to phishing attacks? - Help Net Security
https://www.helpnetsecurity.com/2020/09/16/vulnerable-departments-sectors-phishing-attacks/
https://www.helpnetsecurity.com/2020/09/16/vulnerable-departments-sectors-phishing-attacks/
Help Net Security
What are the most vulnerable departments and sectors to phishing attacks? - Help Net Security
The latest trends and cybersecurity statistics from Keepnet Labs reveal the most vulnerable sectors for phishing and data attacks.
Phishing awareness training wears off after a few months | ZDNet
https://www.zdnet.com/article/phishing-awareness-training-wears-off-after-a-few-months/
https://www.zdnet.com/article/phishing-awareness-training-wears-off-after-a-few-months/
ZDNet
Phishing awareness training wears off after a few months
Retraining employees after six months is recommended.
Data Integrity: Recovering from Ransomware and Other Destructive Events | NCCoE
https://www.nccoe.nist.gov/projects/building-blocks/data-integrity/recover
https://www.nccoe.nist.gov/projects/building-blocks/data-integrity/recover
Reminder : tommorow will be security track about yandex cloud. Good option to start with cloud technology.
Today security topics were also highlighted.
https://cloud.yandex.ru/events/scale-2020/program
Today security topics were also highlighted.
https://cloud.yandex.ru/events/scale-2020/program
Программа Yandex Scale 2020
О чём рассказывали на большой конференции облачной платформы Яндекса
Can We Have “Detection as Code”?. One more idea that has been bugging me… | by Anton Chuvakin | Anton on Security | Sep, 2020 | Medium
https://medium.com/anton-on-security/can-we-have-detection-as-code-96f869cfdc79
https://medium.com/anton-on-security/can-we-have-detection-as-code-96f869cfdc79
Medium
Can We Have “Detection as Code”?
One more idea that has been bugging me for years is an idea of “detection as code.” Why is it bugging me and why should anybody else care?
Google Cloud Security Talks - the latest in cloud security
https://cloudblog.withgoogle.com/products/identity-security/google-cloud-security-talks-the-latest-in-cloud-security/amp/
https://cloudblog.withgoogle.com/products/identity-security/google-cloud-security-talks-the-latest-in-cloud-security/amp/
Google
What you can learn in our Q3 2020 Google Cloud Security Talks
Better understand the resources at your disposal to protect your users, applications, and data by joining our Google Cloud Security Talks on September 23rd.
The Next Generation Security and Privacy Controls—Protecting the Nation’s Critical Assets | NIST
"NIST SP 800-53, Revision 5 is not just a minor update but rather a complete renovation—addressing both structural issues and technical content. The update represents a multi-year effort to develop the first comprehensive catalog of security and privacy controls that can be used to manage risk for organizations of any sector and size, and all types of systems—from super computers to industrial control systems to Internet of Things (IoT) devices."
https://www.nist.gov/blogs/cybersecurity-insights/next-generation-security-and-privacy-controls-protecting-nations
"NIST SP 800-53, Revision 5 is not just a minor update but rather a complete renovation—addressing both structural issues and technical content. The update represents a multi-year effort to develop the first comprehensive catalog of security and privacy controls that can be used to manage risk for organizations of any sector and size, and all types of systems—from super computers to industrial control systems to Internet of Things (IoT) devices."
https://www.nist.gov/blogs/cybersecurity-insights/next-generation-security-and-privacy-controls-protecting-nations
NIST
The Next Generation Security and Privacy Controls—Protecting the Nation’s Critical Assets
It has been seven years since the last major update to NIST’s flagship security and privacy guidance document Special Publication (SP) 800-
Lessons learned from a CISO’s first 100 days - Expel
https://expel.io/blog/lessons-learned-from-a-cisos-first-100-days/
https://expel.io/blog/lessons-learned-from-a-cisos-first-100-days/
Expel
Lessons learned from a CISO’s first 100 days - Expel
In this guest post, Amanda Fennell, CSO at Relativity reflects on what she’s learned.