Tag: nist
-
Generative AI red teaming: Tips and techniques for putting LLMs to the test
by
in SecurityNewsDefining objectives and scopeAssembling a teamThreat modelingAddressing the entire application stackDebriefing, post-engagement analysis, and continuous improvementGenerative AI red teaming complements traditional red teaming by focusing on the nuanced and complex aspects of AI-driven systems including accounting for new testing dimensions such as AI-specific threat modeling, model reconnaissance, prompt injection, guardrail bypass, and more. AI red-teaming…
-
NIST Finalizes Differential Privacy Rules to Protect Data
by
in SecurityNewsThe National Institute of Standards and Technology (NIST) released updated differential privacy guidelines for organizations to follow to protect personally identifiable information when sharing data. First seen on darkreading.com Jump to article: www.darkreading.com/data-privacy/nist-finalizes-differential-privacy-rules-to-protect-data
-
NIST selects HQC as backup algorithm for post-quantum encryption
by
in SecurityNewsLast year, NIST standardized a set of encryption algorithms that can keep data secure from a cyberattack by a future quantum computer. Now, NIST has selected a backup … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/12/nist-hqc-post-quantum-encryption-algorithm/
-
NIST Releases New Report on Crypto-Agility What You Need to Know Now
by
in SecurityNewsIf you’re keeping up with post-quantum cryptography (PQC), here’s some big news: The U.S. National Institute of Standards and Technology (NIST) has released a fresh initial public draft of a Cybersecurity Whitepaper titled Considerations for Achieving Crypto-Agility. This whitepaper tackles the real-world challenges and trade-offs involved in cryptographic transitions and discusses key strategies for achieving……
-
What is risk management? Quantifying and mitigating uncertainty
by
in SecurityNews
Tags: breach, business, cio, ciso, compliance, control, cyber, cyberattack, data, finance, flaw, framework, governance, healthcare, infosec, infrastructure, insurance, international, jobs, mitigation, monitoring, nist, risk, risk-analysis, risk-assessment, risk-management, software, strategy, technology, tool, vulnerabilityHow do organizations structure risk management operations?: Risk management has in some organizations traditionally been multicentric, with different departments or individuals within the org implementing risk management techniques in their work: Risk management is a component of good project management, for instance. IT leaders in particular must be able to integrate risk management philosophies and…
-
House passes bill requiring federal contractors to have vulnerability disclosure policies
by
in SecurityNewsThe legislation to make contractors implement VDPs aligned with NIST guidelines is aimed at protecting Americans’ data, co-sponsor Rep. Nancy Mace says. First seen on cyberscoop.com Jump to article: cyberscoop.com/house-passes-federal-contractors-vdp-bill/
-
Is your enterprise ‘cyber resilient’? Probably not. Here’s how other boards fixed that
by
in SecurityNews
Tags: backup, breach, business, ciso, cloud, compliance, control, cyber, cyberattack, cybersecurity, endpoint, finance, framework, governance, incident, metric, monitoring, nist, resilience, risk, service, strategy, supply-chain, tool, training, vulnerability, vulnerability-managementLockheed Martin: Lockheed Martin introduced its Cyber Resiliency Level (CRL) Framework and corresponding Scoreboard in 2018, illustrating a more formalized approach to measuring cyber resilience during this period. The company’s Cyber Resiliency Scoreboard includes tools like a questionnaire and dashboard for measuring the maturity levels of six categories, including Cyber Hygiene and Architecture.MIT: The Balanced Scorecard for Cyber Resilience (BSCR) provides…
-
What is zero trust? The security model for a distributed and risky era
by
in SecurityNews
Tags: access, ai, authentication, best-practice, breach, business, ceo, cloud, compliance, computer, computing, control, corporate, credentials, cyberattack, data, detection, framework, government, guide, identity, infrastructure, intelligence, jobs, login, monitoring, network, nist, office, password, ransomware, regulation, risk, saas, service, technology, threat, tool, vpn, zero-trustHow zero trust works: To visualize how zero trust works, consider a simple case: a user accessing a shared web application. Under traditional security rules, if a user was on a corporate network, either because they were in the office or connected via a VPN, they could simply click the application and access it; because…
-
Google Integrates Quantum-Safe Digital Signatures
Computing Giant Warns Against Future Decryption of Secure Communications. Google adopted quantum-safe digital signatures for its cloud environment designed to help users combat the next phase of adversarial attacks. The announcement from the company comes days after Microsoft unveiled its latest quantum chip. NIST formalized the algorithms in August 2024. First seen on govinfosecurity.com Jump…
-
What is anomaly detection? Behavior-based analysis for cyber threats
by
in SecurityNewsa priori the bad thing that you’re looking for,” Bruce Potter, CEO and founder of Turngate, tells CSO. “It’ll just show up because it doesn’t look like anything else or doesn’t look like it’s supposed to. People have been tilting at that windmill for a long time, since the 1980s, trying to figure out what…
-
FedRAMP ConMon vs Audits: What’s the Difference?
by
in SecurityNewsA lot goes into protecting the information security of the nation. The National Institute of Standards and Technology, NIST, maintains a list of security controls under the banner of NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations. Meanwhile, the Federal Risk and Authorization Management Program, or FedRAMP, sets up a framework……
-
MSSP Market Update: Judy Security, Strike Graph Partner for NIST Compliance
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-judy-security-strike-graph-partner-for-nist-compliance
-
It pays to know how your cybersecurity stacks up
by
in SecurityNewsLike all other business leaders, chief information security officers (CISOs) could find themselves on the unemployment line if something on their watch goes seriously sideways.But what if CISOs simply aren’t demonstrating enough business value?With companies cutting costs, proving cybersecurity programs are good for the business has become vital to protecting budgets and jobs. That’s why…
-
What 2025 HIPAA Changes Mean to You
by
in SecurityNews
Tags: access, application-security, authentication, breach, business, cloud, compliance, control, cybersecurity, data, encryption, healthcare, HIPAA, identity, incident response, insurance, law, mfa, monitoring, nist, office, penetration-testing, privacy, risk, risk-analysis, service, strategy, threat, tool, vulnerabilityWhat 2025 HIPAA Changes Mean to You madhav Tue, 02/04/2025 – 04:49 Thales comprehensive Data Security Platform helps you be compliant with 2025 HIPAA changes. You are going about your normal day, following routine process at your healthcare organization, following the same business process you’ve followed for the last twelve years. You expect Personal Health…
-
Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks
The NIST Phish Scale framework offers a structured and effective approach to improving phishing awareness training in organizations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/using-the-nist-phish-scale-framework-to-detect-and-fight-phishing-attacks/
-
US takes aim at healthcare cybersecurity with proposed HIPAA changes
by
in SecurityNews
Tags: access, authentication, best-practice, breach, compliance, control, csf, cyber, cyberattack, cybersecurity, data, defense, detection, dora, encryption, finance, framework, government, group, healthcare, HIPAA, incident response, infrastructure, insurance, intelligence, jobs, law, malware, mfa, network, nist, penetration-testing, phishing, privacy, ransom, ransomware, regulation, resilience, risk, security-incident, service, skills, technology, threat, tool, update, usa, vulnerability, vulnerability-managementThe US Department of Health and Human Services (HHS) has launched a consultation on stricter rules for the safeguarding of electronic health records.The proposed revamp of security rules covered by the Health Insurance Portability and Accountability Act (HIPAA) is designed to address the increased risk from cyberattacks such as ransomware against healthcare environments.The revamped rules…
-
5 Things Government Agencies Need to Know About Zero Trust
by
in SecurityNews
Tags: access, application-security, attack, best-practice, business, cloud, control, cyber, cybersecurity, data, gartner, government, identity, incident response, infrastructure, Internet, jobs, monitoring, network, nist, risk, skills, strategy, technology, update, vulnerability, vulnerability-management, zero-trustZero trust as a concept is simple to grasp. Implementing a zero trust architecture, on the other hand, is complex because it involves addressing a unique mix of process, procedure, technology and user education. Here are some considerations to keep in mind as you begin your journey. Draft guidance on implementing a zero trust architecture,…
-
Securing the Quantum Era: What NIST’s New Encryption Standards Mean for Cybersecurity
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/perspective/securing-the-quantum-era-what-nists-new-encryption-standards-mean-for-cybersecurity
-
Making FedRAMP ATOs Great with OSCAL and Components
by
in SecurityNewsOMB Memo M-24-15 published on July 24, 2024 directed GSA and the FedRAMP PMO to streamline the FedRAMP ATO process using NIST OSCAL. By late 2025 or early 2026 (18 months after the issuance of the memo), GSA must ensure the ability to receive FedRAMP authorization and continuous monitoring artifacts through automated, machine-readable means. Additionally,……
-
Secure by design vs by default which software development concept is better?
by
in SecurityNews
Tags: access, api, application-security, attack, business, cisa, cloud, control, cyber, cybersecurity, data, data-breach, exploit, framework, guide, Hardware, infrastructure, malicious, mfa, nist, programming, resilience, risk, saas, security-incident, service, software, supply-chain, technology, threat, tool, update, vulnerabilityAs cybersecurity professionals, we need to know that the software products we acquire are safe and able to support or accommodate the procedures and tools we use to keep attackers at bay while performing their given functions.With attacks perennially on the rise and the software supply chain remaining as vulnerable as ever, there is momentum…
-
Australia to Phase Out Weak Encryption Algorithms by 2030
by
in SecurityNewsRegulators Say NIST’s 2035 Deadline for Insecure Encryption Could Be Too Late. Australia has rolled out an ambitious roadmap to prepare for future quantum-enabled cyberattacks. Regulators are ready to set an end date for several existing encryption algorithms in 2030 – five years earlier than the deadline set by National Institute of Standards and Technology…
-
An easy to follow NIST Compliance Checklist
by
in SecurityNewsWe have seen how cyber attacks have disrupted organisations and businesses repeatedly. Mitigating emerging threats is crucial more than ever, and many organisations are at the forefront of combating them. One such organisation is the National Institute of Standards and Technology (NIST). NIST has released many Special Publications (SP) regulations, each containing guidelines for improving……