Aug 03 2022

NIST Gap Assessment Tool

Category: NIST CSFDISC @ 2:48 pm

NIST 800-171a/CMMC 2.0 Self-Assessment Guide

NIST Cybersecurity Framework – A Pocket Guide

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Ask DISC an InfoSec & compliance related question

Tags: NIST 800-171, NIST Gap Assessment Tool


Feb 21 2022

New Version of the NIST CSF Tool

Category: NIST CSF,NIST PrivacyDISC @ 9:32 am
NIST CSF Tool

By John Masserini

THE NIST CSF TOOL

I am quite thrilled to announce that the long-overdue update to my NIST CSF tool V2.0 is finally done. While this new version generally looks the same as the prior one, there are substantial changes underneath which will make updating it in the future far easier.

Originally released in January of 2019, it has become the most popular page on the site, with almost 20,000 downloads. To get a full understanding of the tool, you can read the original post here which goes into great detail about why it was developed and how to use it.

After numerous requests, I have also added the NIST Privacy Framework to the tool as well. The same logic has been applied here as to the CSF side – it’s just as, or perhaps even more, important to measure what you do (your practices) against what you say you do (your policies) when it comes to Privacy as it is Security.

As always, I welcome suggestions and feedback. The email to reach me is in the worksheet.

You can find the new version on the Downloads page.

NIST Cybersecurity Framework: A pocket guide 

Tags: NIST CSF Tool


Jan 12 2022

NIST Cybersecurity Framework (CSF)

Category: Information Security,NIST CSFDISC @ 10:34 am

NIST Cybersecurity Framework – A Pocket Guide

NIST Cybersecurity Framework - A Pocket Guide

Tags: CSF, NIST Cybersecurity Framework


Mar 11 2021

Get More Value from NIST CSF, MITRE ATT&CK and COSO ERM with RiskLens

Category: Attack Matrix,NIST CSFDISC @ 11:13 pm

MITRE ATT&CK matrices

MITRE ATT&CK is a tool to help cybersecurity teams get inside the minds of threat actors to anticipate their lines of attack and most effectively position defenses. MITRE ATT&CK works synergistically with FAIR to refine a risk scenario (“threat actor uses a method to attack an asset resulting in a loss”).

Enter an asset into the MITRE ATT&CK knowledge base and it returns a list of likely threat actors and their methods to inform a risk scenario statement. It also helps to fill in color and detail for the FAIR factors, such as the relative strength of threat actors likely to go after an asset or the resistance strength of the controls around the asset, as well as the frequency of attack one might expect from these actors, based on internal or industry data (housed in the Data Helpers and Loss Tables on the RiskLens platform). All these are ultimately fed into the Monte Carlo simulation engine to show probable loss exposure for the scenario. The data we collect on our assets and threat actors can be stored in libraries on the platform for repeat use.

MITRE ATT&CK also suggests controls for mitigation efforts specific to attacks. As with the controls suggested by NIST CSF, we can assess those in the platform for cost-effectiveness in risk reduction in financial terms.

Finally, RiskLens + MITRE ATT&CK can help refine tactics for the first line of defense. With a clear sense of top risk scenarios generated by RiskLens, and a clear sense of attack vectors for those scenarios, the SOC can better prioritize among the many incoming alerts based on potential bottom-line impact.

Tags: MITRE ATT&CK


Nov 18 2020

Senate passes bill to secure internet-connected devices against cyber

Category: NIST CSF,NIST PrivacyDISC @ 11:40 pm

The Senate this week unanimously passed bipartisan legislation designed to boost the cybersecurity of internet-connected devices.

The Senate passes a bill that would require all internet-connected devices purchased by the US government to comply with NIST’s minimum security recommendations

The Internet of Things Cybersecurity Improvement Act would require all internet-connected devices purchased by the federal government — such as computers and mobile devices — to comply with minimum security recommendations issued by the National Institute of Standards and Technology.

The bill would require private sector groups providing devices to the federal government to notify agencies if the internet-connected device has a vulnerability that could leave the government open to attacks.

The legislation, which the Senate advanced on Tuesday, was passed unanimously by the House in September. It now heads to President Trump for a signature.

“Most experts expect tens of billions of devices operating on our networks within the next several years as the Internet of Things (IoT) landscape continues to expand,” Gardner noted in a separate statement. “We need to make sure these devices are secure from malicious cyber-attacks as they continue to transform our society and add countless new entry points into our networks. Ensuring that our government has the capabilities and expertise to help navigate the impacts of the latest technology will be important in the coming years and decades.”

Source: Senate passes bill to secure internet-connected devices against cyber











Dec 07 2019

NIST CyberSecurity Framework and ISO 27001

Category: Information Security,ISO 27k,NIST CSFDISC @ 6:54 pm

NIST CyberSecurity Framework and ISO 27001

[pdf-embedder url=”https://blog.deurainfosec.com/wp-content/uploads/2019/12/NIST_ISO_Green_Paper_NEW_V3___Final_Edits.pdf”]

How to get started with the NIST Cybersecurity Framework (CSF) – Includes Preso

Written Information Security Program (WISP) – ISO 27002, NIST Cybersecurity Framework & NIST 800-53
httpv://www.youtube.com/watch?v=B8QjwD6f4rc

What is ISO 27001?
httpv://www.youtube.com/watch?v=AzSJyfjIFMw

Virtual Session: NIST Cybersecurity Framework Explained
httpv://www.youtube.com/watch?v=nFUyCrSnR68





Enter your email address:

Delivered by FeedBurner




Tags: iso 27001, NIST CSF, NIST RMF


Oct 14 2019

The best practice guide for an effective infoSec function

Building ISMS

The best practice guide for an effective infoSec function: iTnews has put together a bit of advice from various controls including ISO 27k and NIST CSF to guide you through what’s needed to build an effective information security management system (ISMS) within your organization.

This comprehensive report is a must-have reference for executives, senior managers and folks interested in the information security management area.

 

Practice Guide

Open a PDF file The best practice guide for an effective infoSec function.

How to Build a Cybersecurity Program based on the NIST Cybersecurity Framework
httpv://www.youtube.com/watch?v=pDra0cy5WZI

Beginners ultimate guide to ISO 27001 Information Security Management Systems
httpv://www.youtube.com/watch?v=LytISQyhQVE

Conducting a cybersecurity risk assessment


Subscribe to DISC InfoSec blog by Email




Tags: isms


Sep 21 2019

How to get started with the NIST Cybersecurity Framework (CSF) – Expel

Category: NIST CSF,Security ComplianceDISC @ 11:02 am

We give you a quick tour of the NIST Cybersecurity framework and describe how you can baseline your efforts in a couple of hours. So check it out.

Source: How to get started with the NIST Cybersecurity Framework (CSF) – Expel

The CyberSecurity Framework Ver 1.1 Preso
[pdf-embedder url=”https://blog.deurainfosec.com/wp-content/uploads/2019/09/NIST-CSF-1.1-preso.pdf” title=”NIST CSF 1.1 preso”]

Virtual Session: NIST Cybersecurity Framework Explained
httpv://www.youtube.com/watch?v=nFUyCrSnR68

CSS2017 Session 14 SANS Training – NIST Cyber Security Framework
httpv://www.youtube.com/watch?v=I-s4bAzH7t0

Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certification | Edureka
httpv://www.youtube.com/watch?v=uk8-jJgu8-I

Free PDF download: NIST Cybersecurity Framework and ISO 27001 | IT Governance USA


Subscribe to DISC InfoSec blog by Email




Tags: NIST CSF