NIST

Staying Current On The Changing Threat Landscape: The Role Of The National Vulnerability Database (NVD)

The National Vulnerability Database (NVD) is a leading source of intelligence on vulnerabilities for InfoSec professionals, and while it provides many benefits, it also has its limitations. This article will explain the advantages of using the NVD for vulnerability management, point out some of the blind spots that have occurred recently, and recommend best practices for successful mitigation.

Equifax? Let’s Talk Data Breaches and Identity Theft

Identity theft is on the rise and the latest data breach from Equifax could bring an “avalanche” of cyber crime with losses of billions of dollars. These are times when the individual response of each one of us could urge our government to stop the growing crisis, and to change flawed credit application processes that lie at the core of it. The five steps described in this article are useful to those affected and whose privacy might be breached. A personal story highlights that identity theft is more common than people expect.

Enter a new password … no, not that. Or that. Or …

Ronald Reagan famously said "The most terrifying words in the English language are: I'm from the government and I'm here to help" and he was right, especially when the IRS is involved. That said, occasionally a government agency does help and a recent document published by the National Institute of Standards and Technology (NIST) clears up a topic that really matters to all of us: how passwords should be built.

The Side Effects Of A Technology Craving Society - Part 1

We live in a technology-hungry society where consumers are accustomed to the convenience of technology without understanding the risks and vulnerabilities that come with it. In this part 1 of 2 InfoSec Life articles, Phil Agcaoili, CISO, discusses the five core issues of basic cyber hygiene.

You Can’t Change The Future, But You Can Foresee It, and Be Ready

When it comes to ingesting, digesting, and applying threat intelligence in a meaningful way, it can seem like information overload. With their Threat Catalogue, HITRUST is helping the healthcare industry overcome this challenge with a complete list of security and privacy threats geared toward the threats the industry faces on a daily basis.

OWASP AppSec California Brings Diversity to the Beach

At this year’s AppSec California conference – a yearly event for InfoSec professionals, developers, pentesters, and QA and testing professionals – the Women in Security panel was among the most highly attended, a very clear indication that this topic resonates strongly with both women and men.

Small Businesses Need an Affordable, Qualified Cybersecurity Workforce

In the fragmented world of cybersecurity, equipping small businesses for cyber threats and preparing the next generation of infosec professionals will require community-based workforce development.

The Cybersecurity Profession Has a Clear Career Path. LOL. Just Kidding

Expert analysis by Candy Alexander of a recent study from ISSA and ESG emphasizes the need for more formal planning in career advancement in cybersecurity.

Another Good Day Ahead for Vets & Cybersecurity Industry in San Diego

San Diego is a boomtown for transitioning service members and veterans entering cybersecurity. Ken Slaght shares opportunities and resources offered by the San Diego Cyber Center of Excellence.

Shadow IT & Clouds. Let’s Minimize Risks & Enjoy the Benefits

With adoption of cloud applications on the rise, organizations need a plan for reducing the risk of shadow IT while allowing their organizations to enjoy the cloud's benefits.

Wouldn’t It Be NICE? The NICE Conference & Expo

How can education be used to produce the next generation of cybersecurity experts? The National Initiative for Cybersecurity Education (NICE) is bringing solutions and networking opportunities to Kansas City in its annual NICE Conference and Expo.

Privacy Risk and Control Design: NIST’s Framework for Managing Privacy Risk

We made our way to the Moscone Center for the final day of sessions on a fresh San Francisco Friday morning. NIST’s (National Institute of Standards and Technology) Framework for Managing Privacy Risk was the topic the panel was asked to dissect and discuss.