The National Institute of Standards and Technology (NIST) has issued special publications focused on improving Third-Party Risk Management (TPRM) and Supply Chain Risk Management (SCRM). The NIST Cyber Security Framework (NIST CSF) special publication has become a popular option for its unique applicability to all industries with critical infrastructures. NIST CSF isn’t a light read.
The National Institute of Standards and Technology (NIST) has produced several publications addressing the different components of information technology security within the NIST 800 computer security series. Compliance across this entire NIST 800 series is expected for all internal and external service providers of government entities - such as the DoD federal agencies.
To put the impact of cybercrime into perspective, let’s examine some important, and startling, numbers: Data breach costs increased from $3.86 million to $4.24 million in 2021. Every 39 seconds, there is an attack. About 90% of healthcare organizations have fallen victim to at least one breach within the past three years. The bottom line? Cyberattacks are frequent and costly, and COVID-19 has only fueled the fire with more employers adopting a remote work structure.
The National Institute of Standards and Technology (NIST) has responded to the increased prevalence of third-party risks by specifying industry standards for securing the supply chain attack surface - the attack surface most vulnerable to third-party risks.
It was just another day in paradise. Well, it was as close to paradise as working in IT can be. Then, your boss read about another data breach and started asking questions about how well you’re managing security. Unfortunately, while you know you’re doing the day-to-day work, your documentation has fallen by the wayside. As much as people are loathed to admit it, this is where compliance can help.
This is the second post in the Threat-Based Methodology series. The first post introduced Threat-Based Methodology and the analysis conducted by the FedRAMP PMO and NIST. That post concluded with a list of the top seven controls based on their Protection Value. This post will explore CM-6 in greater depth and explain how Devo supports the ability to meet this control. CM-6, Configuration Settings, was determined to provide the most Protection Value with a score of 208.86.
As businesses and health organizations seek to strengthen cybersecurity, they’re turning frequently to compliance frameworks to help prioritize, guide, and improve decision-making and implementation. Two of the more popular compliance frameworks are the NIST CSF and the ISO 27001. For IT teams seeking to better understand the difference between these frameworks, as well as which is the ideal tool for their business, here’s what to know.
For the next interview in our series speaking to technology and IT leaders around the world, we’ve welcomed Co-chair of Cybersecurity, Data Protection & Privacy at Clark Hill, Jeffrey R. Wells to share his views on the state of cybersecurity today.
