The National Institute of Standards and Technology (NIST) has created a Cybersecurity Framework (CSF) that suggests procedures and controls that help enhance an organization’s cybersecurity posture. An independent NIST CSF assessment conducted by a CRI professional assesses an organization’s specific cybersecurity needs using five distinct functions, from what precautions need to be in place to [...]
A cyber breach can have potentially devastating effects on a company. It can erode public trust, cause millions of dollars in losses, and even lead to fines and lawsuits. In order to help organizations improve cybersecurity, the National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (CSF), which provides several guidelines related to [...]
In February of 2013, Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” was introduced as a means of sharing cybersecurity threat information. The goal was to build a framework around standardized security for the United States to reduce potential risks to critical infrastructure. One year later, the National Institute of Standards and Technology released version 1.0 [...]
Do you know where an attacker could break through your company’s cyber defenses? Chances are, there are more points of vulnerability than you realize, and the stakes are high to protect what’s important. Customers, employees, regulators, boards of directors, and many other stakeholders hold businesses accountable for securing sensitive data. Customers in certain highly regulated [...]
Until the last couple of years, data breaches seemed to be the domain of major corporations—Target, Home Depot, Sony, JP Morgan. However, in recent years, as businesses of every size become increasingly reliant on data and information systems, it is becoming clear that no business is too small to be a target. And yet, only [...]
For a homeowner, the knowledge that a trained eye has evaluated the home security system — and attested that it is in good working order — can go a long way toward a good night’s sleep. The same goes for business owners and executives in charge of keeping the company’s digital assets safe. Recent global [...]
Is your organization protected against a potential crippling cybersecurity attack? Scott Bailey shares 3 risk assessment steps to keep your organization out of the headlines: identify essential assets, evaluate data flow and current protection, and recommend improvements.
A strong cybersecurity posture consists of effective measures related to prevention, assessment, detection, response, and recovery. But how can you determine whether your company is succeeding in these areas? Watch as Lorri Kidder discusses key questions that can help you evaluate your company’s cybersecurity defense system.
Cybersecurity is one of the the hottest topics in business today. Ever wonder where you should begin to protect your business and its assets? The best first step is to properly train your team regarding their roles in protecting your business from a potential breach. But how do you build a successful cybersecurity [...]
A company’s employees are generally expected to strive to protect the organization from a cybersecurity breach. Yet, thousands of team members unknowingly allow imposters to infiltrate businesses and steal millions of dollars by falling victim to executive impersonation fraud. Surveying the Landscape A variant of business email compromise (BEC), executive impersonation fraud entails a skilled [...]
In the game of cybersecurity, betting the farm on an ironclad perimeter defense is a losing strategy. “There is a good chance that hackers are already in your system,” a privacy attorney recently told Data Breach Today. “Your focus should turn to not only protecting your perimeter but also identifying hackers within your network and [...]
There are many steps companies can take to strengthen their cybersecurity, but there is one step that rises above the rest. Watch as Jon Heath explains the most important thing companies can do to protect themselves from a breach.
A key component of cybersecurity is properly training team members on their role in protecting the organization from a potential breach. Watch Jon Heath as he describes the key components of a well-structured cybersecurity training program.
For most business owners and executives, cybersecurity can feel like a game of roulette. No one is ever quite sure when an attack could occur. In reality, the sources of cyberattacks are sometimes more predictable than many might think. Here is one rule of thumb on which business leaders can rely: Their most vulnerable cybersecurity [...]
Cybersecurity is a high-stakes game. Understanding the key differences between various types of cyber information is critical to a strong information security program. After all, we protect what is important to us. Organizations that take the time to understand the value of the digital assets they are protecting are more likely to leave the table as [...]
Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems to gain access to digital assets. CRI’s cybersecurity assessment is based on the National Institute of Standards in Technology (NIST) Cybersecurity Framework – a living document, which includes three parts. Framework Core (Core): This common set of activities, outcomes and references used across [...]
One thing that computers and programmers typically do very well is encryption – so well that it is almost impossible to break. But what if the bad guys use this defensive move for extortion? If someone in your organization clicks on the wrong link in an email, then they may find out that the result [...]
Cyberattacks are here to stay—partially because the financial result is lucrative for the criminal and partly because the bad guys can easily hide from law enforcement. It seems to have started with three common types (one of which that has morphed) and have taken off in the below order: phishing*, which includes blast emails designed [...]
As phishing and other social engineering scams become more commonplace and sophisticated, the human factor often is the weakest brick in the walls of a company’s information security. Consider this statistic from a recent cybersecurity study: The average employee will click on one out of every 25 malicious messages. A layered strategy that includes firewalls, [...]
Anyone who enjoys crime dramas may have seen the following less-than-accurate scenario in a recent flick. After evading about a dozen bad guys, the hero makes it to the office where the villain keeps evidence that will put him away for good—but the laptop is secured with a password. The hero connects a device to [...]