Evaluating cybersecurity risk

Cyber roundup

*** The Department of Homeland Security updated its Stop Think Connect resources for October, National Cybersecurity Awareness Month. The 2019 Toolkit is a comprehensive guide to make it easier for organizations to promote and share core cybersecurity themes and critical messages. The government section features one-page guides that federal, state and local agencies can use to keep employees up to date.

*** The National Institute of Standards and Technology released a draft publication on zero-trust architecture for public comments. The document defines ZTA and its general deployment models and describes use cases where ZTA could improve an enterprise’s overall IT security posture. It also includes a gap analysis of areas where more research and standardization are needed, along with a high-level roadmap for enterprises implementing a ZTA approach.  Comments are due Nov. 22. More here.

*** The Cybersecurity and Infrastructure Security Agency has released four new CISA Insights products. Informed by U.S. intelligence and real-world events, each provides background on a particular cyber threat and the vulnerabilities they exploit as well as activities that non-federal partners can implement to reduce impact. The latest CISA Insights cover mitigating DNS infrastructure tampering, remediating vulnerabilities in internet-accessible systems, securing high-value assets and enhancing email and web security. More here.

*** CISA also released guidelines and a workbook to help the transportation sector apply the tenets of the NIST Cybersecurity Framework.  The resources address how organizations can characterize their current cybersecurity posture; identify opportunities for enhancing existing cyber risk management programs; implement the framework; and communicate their risk management issues to stakeholders. More here.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.