Taking Steps Toward DFARS Compliance: Encryption of Data at Rest
Continuing the topic of my recent blog posts, government contractors who store or transmit Covered Defense Information (CDI) are required to comply with the 14 control families of NIST SP 800-171 by December 2017. The DFARS 252.204-7008 clause dictates the security requirements specified by DFARS 252.204-7012 for Safeguarding Covered Defense Information and Cyber Incident Reporting. The inte...
How Top Targeted Industries are Using RSA Archer to Stop Cyber Fraud - Part 1: Banks
If you were a bank robber, you would target the largest bank around in order to secure the biggest prize possible in exchange for the risk associated with committing the crime, right? The same is true for cyber criminals. They specifically target organizations within industries that provide the most return for their crime. These unseen criminals, though they are not stealing physical cash, are s...
Give Thanks for Cybersecurity
Thanksgiving Day is almost here and with it, our focus turns to our family, friends, food, and most importantly, football. As we celebrate one of our country’s most cherished traditions, we give thanks for health, wealth, good company, and of course, turkeys. However, this holiday season, we should recognize our nation’s involvement in cybersecurity and how much we’ve grown with it! Whether it be...
The Million-Dollar Insider Threat: Exposed
The threat posed by someone inside an organization is often overlooked and poses the highest risk. A survey from SANS found nearly a third of organizations have no capability to prevent or mitigate an insider attack or incident, while over a third estimated the potential loss from an insider threat to be over $1 million, before including the immeasurable damage to brand and reputation. Overall, ...
Tricks, Treats, and Tips: What to Really Be Afraid of this Halloween
As most of you know, October heralds a variety of festive autumn events such as the epic return of the pumpkin spice everything, Halloween, and the beautiful transition of fall foliage. October also happens to be National Cyber Security Awareness Month, which provides us an opportunity to shed light on everyday dangers that we face in our vastly connected world. In addition to things that go bu...
Taking Steps Toward DFARS Compliance: Multi-Factor Authentication
As previously discussed in the CyberSheath blog, government contractors who process, store or transmit Covered Defense Information (CDI) are required by DFARS 252.204-7008 to comply with the 14 control families of NIST SP 800-171 by December 2017. The clause dictates the security requirements specified by DFARS 252.204-7012 for Safeguarding Covered Defense Information and Cyber Incident Repo...
Part Four: In-Depth Look at PAM Controls for DFARS Requirements
As part of an ongoing series on using privileged account management solutions to meet DFARS requirements, CyberSheath’s security consultants have explored technical controls in great detail, providing readers with real-world applications that make a meaningful impact. This week CyberSheath continues to explore NIST control 800-171, “separate the duties of individuals to reduce the risk of malevole...
Bad Security Habits Persist, Despite Rising Awareness: 2016 CyberArk Study
How to Hack a Locked Windows or Mac OS X machine: Simple Vulnerability Exposed
Hacking into a locked Windows or Mac computer should not be this simple, and yet it is. A security design flaw was recently exposed that shows a PC or Mac that is logged in but locked can have the login credentials stolen. The hack takes an average of 13 seconds and the credentials can then be used to compromise all other accounts sharing those credentials. Here’s how it works and what it means ...
Part Three: In-Depth Look at PAM Controls for DFARS Requirements
CyberSheath’s security consultants and implementation engineers have previously written about utilizing privileged account management solutions to meet DFARS requirements, and this week James Creamer continues to explore DFARS control requirements in detail.