What is the NIST Cybersecurity Framework?

The National Institute of Standards and Technology (NIST) released Version 1.0 of the NIST Cybersecurity Framework on February 12, 2014. The Framework provides a common taxonomy and mechanism for organizations to describe current and target state cybersecurity postures, identify and prioritize opportunities for improvement, and communicate cybersecurity risk. The NIST Cybersecurity Framework Core consists of five concurrent and continuous […]


What is the NIST Cyber Security Framework?

Recognizing that the national and economic security of the United States depends on the reliable function of critical infrastructure, the President issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. The Order directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices – for reducing […]


What are Some Various Compliance and Regulatory Frameworks?

Recognized frameworks include, at minimum, requirements that a regular vulnerability assessment of the production network and/or web application be performed. Depending upon your environment, the following frameworks potentially require these assessments: Sarbanes-Oxley (SOX); Statements on Standards for Attestation Engagements 16 (SSAE 16 / SOC 1); Service Organization Controls (SOC) 2 / 3; […]


What is HITRUST?

HITRUST: The Health Information Trust Alliance, or HITRUST, is a privately held company located in the United States that, in collaboration with healthcare, technology and information security leaders, has established a Common Security Framework (CSF) that can be used by all organizations that create, access, store or exchange sensitive and/or regulated data. The CSF includes […]


Tools That Should Be In Your Infosec Toolbox

Reference: http://www.proactiverisk.com/tools/

DISCLAIMER: The following list of URLs is a collection of resources broken down by category. The resources are listed numerically in no particular order except for tracking purposes.

Breach Laws: State Breach Laws

Hardening Guides, Windows: CIS Security Benchmarks for Windows; NSA Security Configuration Guides for Windows; Microsoft Baseline Security Analyzer; Microsoft PC Security; Secunia Personal […]
