Security News

The evolution of security metrics for NIST CSF 2.0
2024-05-28 05:00

The NIST Cybersecurity Framework 2.0 underscored that metrics like these alone are insufficient and probably even improper when used as proxies for security outcomes. Combining effective use of metrics plus a deeper understanding of how security processes play out is the best way to build more security agility and enable teams to react more quickly and effectively.

Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings
2024-05-22 04:46

Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future....

NIST Cybersecurity Framework: A Cheat Sheet for Professionals (Free PDF)
2024-04-22 16:00

The tech world has a problem: Security fragmentation. There's no standard set of rules or even language for mitigating cyber risk used to address the growing threats of hackers, ransomware and stolen data, and the threat to data only continues to grow.

NVD: NIST is working on longer-term solutions
2024-04-03 10:14

"Currently, we are prioritizing analysis of the most significant vulnerabilities. In addition, we are working with our agency partners to bring on more support for analyzing vulnerabilities and have reassigned additional NIST staff to this task as well." What is NIST NVD and why it's critical for cybersecurity?

NIST’s NVD has encountered a problem
2024-03-19 13:44

Vulnerability management solutions rely on NVD. In the meantime, enterprise defenders have effectively lost a critical resource, since many vulnerability scanners and other vulnerability managament tools rely on the CPE entires set by the NVD to pinpoint and address security vulnerabilities affecting an ogranization's systems. NVD is not the only vulnerability database out there.

How the New NIST 2.0 Guidelines Help Detect SaaS Threats
2024-03-18 13:51

Throughout CSF 2.0, NIST recommendations dovetail with SaaS security needs. Read about how to apply the NIST 2.0 guidelines to your SaaS stack.

NIST Cybersecurity Framework: A Cheat Sheet for Professionals
2024-03-08 20:00

TechRepublic's cheat sheet about the NIST CSF is an overview of this new government recommended best practice, and it includes steps on implementing the security framework. Is the NIST cybersecurity framework just for government use?

Week in review: LockBit leak site is back online, NIST updates its Cybersecurity Framework
2024-03-03 09:00

Overcoming the pressures of cybersecurity startup leadershipIn this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO's leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. How organizations can navigate identity security risks in 2024In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks and threats.

NIST Cybersecurity Framework 2.0
2024-03-01 12:08

The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. The CSF's governance component emphasizes that cybersecurity is a major source of enterprise risk that senior leaders should consider alongside others such as finance and reputation.

NIST updates Cybersecurity Framework after a decade of lessons
2024-02-27 18:45

After ten years operating under the original model, and two years working to revise it, the National Institute of Standards and Technology has released version 2.0 of its Cybersecurity Framework. Unlike the original, which was designed with critical infrastructure sectors in mind, CSF 2.0's scope has been expanded to suitable security tips for organizations in any sector and of any size "Regardless of their degree of cybersecurity sophistication," NIST said.