Security News

The National Institute for Standards and Technology has published the draft version of SP 800-53: Security and Privacy Controls for Information Systems and Organizations. The publication provides a catalog of security and privacy controls that will help protect organizational operations and assets.

For years, the EFF has been saying that developing algorithms that the FBI and law enforcement can use to identify similar tattoos from images - similar to how automated facial recognition systems work - raises significant First Amendment questions. UNICAMP also said that its researcher - Prof. Léo Pini Magalhãe - is adding to the dataset by grabbing images of tattoos from the web: a practice that the EFF noted has increasingly come under fire from Congress in light of the Clearview AI face recognition scandal.

With people worldwide forced to work from home due to the coronavirus epidemic, NIST and DHS published a series of recommendations on how to ensure that virtual meetings and connections to enterprise networks are protected from prying eyes. The security of virtual meetings might often be an afterthought, but basic precautions can ensure that they don't lead to data breaches or other security incidents, says Jeff Greene, director of the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology.

Challenges firms are facing in adopting the framework;. Why NIST is considering additional guidance for small business;.

The forensic engineers who help police gather evidence understand this even if it's not always been clear which methods are the most effective as extracting data accurately enough for it to meet standards of evidence. To examine the issue, the US National Institute of Standards and Technology says it recently conducted tests using 10 popular Android smartphones careful loaded with a mix of data accumulated during simulated use.

"We are more interested in ransomware that models behavior that we saw in the WannaCry attacks, where ransomware can exploit a vulnerability and propagate across a network," Ekstrom, who helped work on the documents, tells Information Security Media Group. One significant reason why NIST created these practice guidelines now is that the nature of ransomware has changed over the last two years, Ekstrom says.

It's time to patch your Cisco security solutions againCisco has released another batch of security updates and patches for a variety of its offerings, including many of its security solutions. Techniques and strategies to overcome Kubernetes security challengesFive security best practices for DevOps and development professionals managing Kubernetes deployments have been introduced by Portshift.

NIST has released a Privacy Framework to help you get your house in order. The brand new Privacy Framework 1.0 is the equivalent document for protecting peoples' personal privacy.

The National Institute of Standards and Technology last week announced version 1.0 of its Privacy Framework, a tool designed to help organizations manage privacy risks. NIST published a preliminary draft of the Privacy Framework in September 2019, when it requested public feedback.

The publication also provides clarification about privacy risk management concepts and the relationship between the Privacy Framework and NIST's Cybersecurity Framework. The NIST Privacy Framework is not a law or regulation, but rather a voluntary tool that can help organizations manage privacy risk arising from their products and services, as well as demonstrate compliance with laws that may affect them, such as the California Consumer Privacy Act and the European Union's General Data Protection Regulation.