Adopting the policies in NIST 800-171 brings multiple security-related benefits, including best practices for data access policies, reduced risk of data breaches and insider threats, and a scalable approach to protecting sensitive data.
Twitter users no longer have to supply a phone number in order to use two-step verification for authentication. The move will better protect accounts from SIM hijacking attempts and also means users don't have to sacrifice some of their privacy to enable a security feature.
The latest edition of the ISMG Security Report offers an analysis of how Twitter allegedly was used to spy on critics of the Saudi Arabian government. Also featured: A preview of the new NIST Privacy Framework and an update on business email compromise attacks.
By year's end, the National Institute of Standards and Technology should be ready to publish the first version of its privacy framework, a tool to help organizations identify, assess, manage and communicate about privacy risk, says NIST's Naomi Lefkovitz, who provides implementation insights.
License plate and traveler photos collected at the U.S. border have been compromised after a federal government subcontractor was hacked. While Customs and Border Protection officials claim the image data hasn't been seen online, security experts say it's already available for download via a darknet site.
With privacy laws becoming global and mainstream, the concept of "adequate security" is becoming a legal mandate across many verticals. The overlap between privacy and security calls for new ways for these two teams to collaborate, communicate more effectively, and use common tools.
Use this guide to learn the...
The U.S. government shutdown is impacting agencies integral to the nation's cybersecurity readiness, and experts fear its long-term impact on the country's cyberattack response capabilities, as well as the risk that it will drive away desperately needed new cybersecurity talent from entering public service.
In an increasingly complex world of interconnected information systems and devices, more must be done to protect critical infrastructure, says Ron Ross of the National Institute of Standards and Technology.
The Financial Services Sector Coordinating Council recently unveiled the Cybersecurity Profile - a framework that integrates widely used standards and supervisory expectations to help financial institutions develop cyber risk management programs. Josh Magri of the Bank Policy Institute outlines key elements.
The latest version of the NIST Cybersecurity Framework - Version 1.1 - includes more information on supply chain risk management, authentication, authorization, identity proofing and self-assessing cybersecurity risk management, says Matthew Barrett of the National Institute of Standards and Technology.
A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over. The exposed database, which wasn't protected by a password, contained 26 million text messages, many of which were two-step verification codes and account-reset links.
As cyber threats grow and regulatory regimes strengthen, global enterprises increasingly are in search of a common cybersecurity framework to improve their abilities to be both secure and compliant. At the heart of this discussion is the NIST Cybersecurity Framework, which has emerged as a de facto global standard....