Collecting Cyber-News from over 60 sources

Tag: nist

NIST Compliance Checklist: A Guide

Feb 7, 2025 6:06 AM

Tags: compliance, cybersecurity, data, framework, guide, nist, risk, technology
MSSP Market Update: Judy Security, Strike Graph Partner for NIST Compliance

Feb 6, 2025 10:06 PM

Tags: compliance, mssp, nist, update

First seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-judy-security-strike-graph-partner-for-nist-compliance
It pays to know how your cybersecurity stacks up

Feb 4, 2025 10:12 PM

Tags: advisory, attack, breach, business, ceo, ciso, cloud, cybersecurity, data, endpoint, framework, gartner, group, intelligence, international, jobs, metric, network, nist, risk, startup, technology, tool, update

Like all other business leaders, chief information security officers (CISOs) could find themselves on the unemployment line if something on their watch goes seriously sideways.But what if CISOs simply aren’t demonstrating enough business value?With companies cutting costs, proving cybersecurity programs are good for the business has become vital to protecting budgets and jobs. That’s why…
What 2025 HIPAA Changes Mean to You

Feb 4, 2025 10:12 AM

Tags: access, application-security, authentication, breach, business, cloud, compliance, control, cybersecurity, data, encryption, healthcare, HIPAA, identity, incident response, insurance, law, mfa, monitoring, nist, office, penetration-testing, privacy, risk, risk-analysis, service, strategy, threat, tool, vulnerability

What 2025 HIPAA Changes Mean to You madhav Tue, 02/04/2025 – 04:49 Thales comprehensive Data Security Platform helps you be compliant with 2025 HIPAA changes. You are going about your normal day, following routine process at your healthcare organization, following the same business process you’ve followed for the last twelve years. You expect Personal Health…
Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks

Feb 3, 2025 12:12 PM

Tags: attack, awareness, framework, nist, phishing, training

The NIST Phish Scale framework offers a structured and effective approach to improving phishing awareness training in organizations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/using-the-nist-phish-scale-framework-to-detect-and-fight-phishing-attacks/
How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

Jan 28, 2025 12:36 PM

Tags: access, defense, hacker, nist, password, unauthorized

While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them First…
US takes aim at healthcare cybersecurity with proposed HIPAA changes

Jan 28, 2025 10:03 AM

Tags: access, authentication, best-practice, breach, compliance, control, csf, cyber, cyberattack, cybersecurity, data, defense, detection, dora, encryption, finance, framework, government, group, healthcare, HIPAA, incident response, infrastructure, insurance, intelligence, jobs, law, malware, mfa, network, nist, penetration-testing, phishing, privacy, ransom, ransomware, regulation, resilience, risk, security-incident, service, skills, technology, threat, tool, update, usa, vulnerability, vulnerability-management

The US Department of Health and Human Services (HHS) has launched a consultation on stricter rules for the safeguarding of electronic health records.The proposed revamp of security rules covered by the Health Insurance Portability and Accountability Act (HIPAA) is designed to address the increased risk from cyberattacks such as ransomware against healthcare environments.The revamped rules…
HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

Jan 23, 2025 11:22 AM

Tags: access, authentication, breach, business, cloud, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, encryption, endpoint, hacker, healthcare, HIPAA, insurance, mfa, network, nist, office, privacy, regulation, risk, risk-assessment, service, software, strategy, threat, unauthorized, update, vulnerability

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA madhav Thu, 01/23/2025 – 06:25 Data Breaches in Healthcare: Why Stronger Regulations Matter A data breach involving personal health information isn’t just about stolen files”, it’s a gut punch to trust and a serious shake-up to people’s lives. Think about…
25 on 2025: APAC security thought leaders share their predictions and aspirations

Jan 22, 2025 8:22 PM

Tags: access, advisory, ai, api, attack, authentication, awareness, best-practice, breach, business, ciso, cloud, compliance, control, cryptography, csf, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, data-breach, deep-fake, detection, disinformation, encryption, endpoint, exploit, extortion, finance, framework, fraud, government, group, hacking, Hardware, identity, incident, incident response, infrastructure, injection, intelligence, international, iot, malicious, malware, microsoft, monitoring, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, scam, service, skills, social-engineering, software, spear-phishing, strategy, supply-chain, tactics, technology, threat, tool, training, update, vulnerability, warfare, zero-trust

As threat actors and security teams harness the growing potential of artificial intelligence (AI), who will prevail? From generative AI (GenAI) to agentic AI, we look through the lens of 25 of Asia-Pacific’s thought leaders in security and dive into their predictions and goals for the year. src=”https://b2b-contenthub.com/wp-content/uploads/2025/01/Athikom.jpg?quality=50&strip=all” alt=”athikom” loading=”lazy” width=”400px”>Athikom Kanchanavibhu Chief Information Security…
5 Things Government Agencies Need to Know About Zero Trust

Jan 15, 2025 6:02 PM

Tags: access, application-security, attack, best-practice, business, cloud, control, cyber, cybersecurity, data, gartner, government, identity, incident response, infrastructure, Internet, jobs, monitoring, network, nist, risk, skills, strategy, technology, update, vulnerability, vulnerability-management, zero-trust

Zero trust as a concept is simple to grasp. Implementing a zero trust architecture, on the other hand, is complex because it involves addressing a unique mix of process, procedure, technology and user education. Here are some considerations to keep in mind as you begin your journey. Draft guidance on implementing a zero trust architecture,…
Securing the Quantum Era: What NIST’s New Encryption Standards Mean for Cybersecurity

Jan 7, 2025 10:18 PM

Tags: cybersecurity, encryption, nist

First seen on scworld.com Jump to article: www.scworld.com/perspective/securing-the-quantum-era-what-nists-new-encryption-standards-mean-for-cybersecurity
Making FedRAMP ATOs Great with OSCAL and Components

Jan 5, 2025 4:19 PM

Tags: fedramp, monitoring, nist

OMB Memo M-24-15 published on July 24, 2024 directed GSA and the FedRAMP PMO to streamline the FedRAMP ATO process using NIST OSCAL. By late 2025 or early 2026 (18 months after the issuance of the memo), GSA must ensure the ability to receive FedRAMP authorization and continuous monitoring artifacts through automated, machine-readable means. Additionally,……
Secure by design vs by default which software development concept is better?

Jan 3, 2025 8:17 AM

Tags: access, api, application-security, attack, business, cisa, cloud, control, cyber, cybersecurity, data, data-breach, exploit, framework, guide, Hardware, infrastructure, malicious, mfa, nist, programming, resilience, risk, saas, security-incident, service, software, supply-chain, technology, threat, tool, update, vulnerability

As cybersecurity professionals, we need to know that the software products we acquire are safe and able to support or accommodate the procedures and tools we use to keep attackers at bay while performing their given functions.With attacks perennially on the rise and the software supply chain remaining as vulnerable as ever, there is momentum…
SecurityTrainings ein Ratgeber

Dec 27, 2024 5:42 AM

Tags: awareness, breach, cyberattack, cybersecurity, cyersecurity, data, data-breach, framework, mail, nis-2, nist, open-source, password, phishing, risk, sans, service, social-engineering, spear-phishing, strategy, tool, training
How to Leverage the FAIR Model with the NIST CSF

Dec 19, 2024 6:42 PM

Tags: csf, cybersecurity, nist, risk, threat, vulnerability
Australia to Phase Out Weak Encryption Algorithms by 2030

Dec 18, 2024 1:42 AM

Tags: encryption, nist, technology

Regulators Say NIST’s 2035 Deadline for Insecure Encryption Could Be Too Late. Australia has rolled out an ambitious roadmap to prepare for future quantum-enabled cyberattacks. Regulators are ready to set an end date for several existing encryption algorithms in 2030 – five years earlier than the deadline set by National Institute of Standards and Technology…
An easy to follow NIST Compliance Checklist

Dec 17, 2024 3:44 PM

Tags: attack, compliance, cyber, nist, regulation, technology, threat

We have seen how cyber attacks have disrupted organisations and businesses repeatedly. Mitigating emerging threats is crucial more than ever, and many organisations are at the forefront of combating them. One such organisation is the National Institute of Standards and Technology (NIST). NIST has released many Special Publications (SP) regulations, each containing guidelines for improving……
Data Security Predictions for 2025: Putting Protection and Resilience at Center Stage

Dec 17, 2024 2:42 PM

Tags: access, ai, attack, authentication, breach, business, cloud, compliance, computer, computing, credentials, crypto, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, dora, encryption, framework, hacker, infrastructure, international, law, ml, monitoring, network, nis-2, nist, PCI, phishing, privacy, regulation, resilience, risk, risk-management, service, skills, social-engineering, software, strategy, supply-chain, technology, threat, tool, vulnerability, zero-trust

Data Security Predictions for 2025: Putting Protection and Resilience at Center Stage madhav Tue, 12/17/2024 – 05:10 Cybersecurity is a remarkably dynamic industry. New trends, technologies, and techniques reshape the landscape at an extraordinary pace, meaning keeping up can be challenging. Protecting data, the driving force of modern businesses, will continue to be the primary…
Bewusstsein für Cybersicherheit NIS2 macht Cybersicherheit zur Chefsache

Dec 17, 2024 5:42 AM

Tags: bsi, compliance, cyersecurity, germany, ISO-27001, nis-2, nist, veeam

Unternehmen die etablierte Standards wie ISO 27001, BSI-Grundschutz oder NIST bereits erfüllen, haben einen überschaubaren Weg zur NIS2-Compliance vor sich. Thomas Sandner, Senior Regional Technical Sales Director Germany, Veeam erklärt im Interview welche Auswirkungen NIS2 hat. First seen on ap-verlag.de Jump to article: ap-verlag.de/bewusstsein-fuer-cybersicherheit-nis2-macht-cybersicherheit-zur-chefsache/92221/
Leveraging NIST OSCAL to Provide Compliance Automation: The Complete Guide

Dec 10, 2024 12:08 PM

Tags: automation, compliance, control, data, fedramp, framework, guide, nist, risk, risk-management

What is OSCAL? OSCAL provides a traceable and machine-readable data format for capturing and sharing security information. A standardized, continuous representation of an organization’s security controls helps prove compliance with NIST’s risk management framework for mandated federal agencies. FedRAMP joined with NIST to create the Open Security Controls Assessment Language (OSCAL), a standard that can……
Cybersecurity Insights with Contrast CISO David Lindner – 12/06/24

Dec 6, 2024 6:49 PM

Tags: ciso, control, cve, cybersecurity, defense, detection, firewall, malicious, nist, threat, tool, vulnerability
Security teams should act now to counter Chinese threat, says CISA

Dec 4, 2024 7:48 PM

Tags: 5G, access, apple, at&t, attack, authentication, china, cisa, cisco, communications, control, cyber, cybersecurity, data, encryption, espionage, exploit, google, government, hacker, infrastructure, linux, microsoft, mitigation, mobile, monitoring, network, nist, password, risk, service, siem, technology, theft, threat, vpn, vulnerability

Security teams and individuals across the US need to take immediate precautions to counter the surveillance threat posed by Chinese ‘Salt Typhoon’ hackers, who have burrowed deep into telecoms infrastructure, according to the US Cybersecurity and Infrastructure Security Agency (CISA).CISA issued an official alert recommending defensive measures on December 3, as federal officials briefed journalists…
Six password takeaways from the updated NIST cybersecurity framework

Dec 4, 2024 4:48 PM

Tags: cybersecurity, framework, nist, password, software

Updated NIST guidelines reject outdated password security practices in favor of more effective protections. Learn from Specops Software about 6 takeaways from NIST’s new guidance that help create strong password policies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/six-password-takeaways-from-the-updated-nist-cybersecurity-framework/
CIO POV: Building trust in cyberspace

Dec 3, 2024 5:48 AM

Tags: access, ai, attack, best-practice, business, cio, cisa, cloud, cyber, data, deep-fake, encryption, framework, GDPR, group, identity, infrastructure, intelligence, Internet, mfa, mitre, nist, privacy, regulation, resilience, risk, service, software, strategy, technology, threat, tool, update, windows

Trust lies at the heart of every relationship, transaction, and encounter. Yet in cyberspace”, where we work, live, learn, and play”, trust can become elusive.Since the dawn of the internet nearly 50 years ago, we’ve witnessed incredible digital transformations paired with increasingly formidable threats. Knowing who and what to trust has become so difficult that…
EU-Vorstoß: Was bedeuten die neuen NIS2-Anforderungen konkret?

Dec 1, 2024 7:27 PM

Tags: cyber, framework, nis-2, nist

Glücklicherweise können aktuelle Cybersicherheitsrahmenwerke, wie das NIST Cyber Security Framework (CSF) oder ISO27001 eine solide Grundlage bilden, … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/eu-vorstoss-was-bedeuten-die-neuen-nis2-anforderungen-konkret/a37350/
Quantum-Sicherheit beginnt jetzt: Was Unternehmen über die neuen NIST-Standards wissen müssen

Dec 1, 2024 5:26 PM

Tags: nist

Bislang befanden sich Entwickler und Security-Teams in einer abwartenden Position, doch mit der Finalisierung dieser Standards beginnt nun der Weg zur… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/quantum-sicherheit-beginnt-jetzt-was-unternehmen-ueber-die-neuen-nist-standards-wissen-muessen/a38069/
NIST SP 800-61 Revision 1: Computer Security Incident Handling Guide

Dec 1, 2024 1:24 PM

Tags: computer, guide, nist, security-incident

First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/agency-releases/nist-sp-800-61-revision-1-computer-security-incident-handling-r-2383
NIST SP 800-39: Managing Information Security Risk

Dec 1, 2024 1:24 PM

Tags: nist, risk

First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/agency-releases/nist-sp-800-39-managing-information-security-risk-r-2353
NIST FIPS PUB 201-2: Personal Identity Verification of Federal Employees and Contractors DRAFT

Dec 1, 2024 1:24 PM

Tags: identity, nist

First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/agency-releases/nist-fips-pub-201-2-personal-identity-verification-federal-r-2379
NIST Announces First Quantum-Resistant Cryptographic Standards, PQC End of 3rd Evaluation Round

Dec 1, 2024 2:19 AM

Tags: nist

After a long process started in 2016, today NIST announced the first standardized cryptographic algorithms designed to protect IT systems against futu… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2022/07/05/nist-announces-first-quantum-resistant-cryptographic-standards-pqc-end-of-3rd-evaluation-round/