Security News

Vulnerability management solutions rely on NVD. In the meantime, enterprise defenders have effectively lost a critical resource, since many vulnerability scanners and other vulnerability managament tools rely on the CPE entires set by the NVD to pinpoint and address security vulnerabilities affecting an ogranization's systems. NVD is not the only vulnerability database out there.

Throughout CSF 2.0, NIST recommendations dovetail with SaaS security needs. Read about how to apply the NIST 2.0 guidelines to your SaaS stack.

TechRepublic's cheat sheet about the NIST CSF is an overview of this new government recommended best practice, and it includes steps on implementing the security framework. Is the NIST cybersecurity framework just for government use?

Overcoming the pressures of cybersecurity startup leadershipIn this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO's leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. How organizations can navigate identity security risks in 2024In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks and threats.

The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. The CSF's governance component emphasizes that cybersecurity is a major source of enterprise risk that senior leaders should consider alongside others such as finance and reputation.

After ten years operating under the original model, and two years working to revise it, the National Institute of Standards and Technology has released version 2.0 of its Cybersecurity Framework. Unlike the original, which was designed with critical infrastructure sectors in mind, CSF 2.0's scope has been expanded to suitable security tips for organizations in any sector and of any size "Regardless of their degree of cybersecurity sophistication," NIST said.

NIST has expanded the CSF's core guidance and developed related resources to help users get the most out of the framework."The NIST CSF 2.0 update significantly impacts the security of software supply chains, addressing the integration of open source, commercial components, in-house developed software, and Commercial Off-The-Shelf products. NIST CSF 2.0 could be a key instrument for helping CISOs better define and build up controls that will improve security outcomes, providing direction to address critical asset protection, reduce or eliminate risk of material impact, and prevent any breach of duty for failing to adhere to regulatory and compliance regulations," Saša Zdjelar, Chief Trust Officer at ReversingLabs, told Help Net Security.

The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of...

The National Institute of Standards and Technology established the AI Safety Institute on Feb. 7 to determine guidelines and standards for AI measurement and policy.An interesting omission on the list of U.S. AI Safety Institute members is the Future of Life Institute, a global nonprofit with investors including Elon Musk, established to prevent AI from contributing to "Extreme large-scale risks" such as global war.

NIST CSF is based on existing standards, guidelines, and practices for organizations to manage and reduce cybersecurity risk better. It was designed to foster risk and cybersecurity management communications amongst internal and external organizational stakeholders.