Public Group
active 8 hours, 10 minutes ago
Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Group Admins
-
Design and Development Process for Assured Software - Volume 1
Volume 5 Issue 2
Welcome to this special Software Assurance (SwA) edition of the Journal of Cyber Security & Information Systems, published by the Cyber Security & Information Systems Information Analysis Center (CSIAC).Posted: 07/13/2017 18:46:56Journal -
The video will be available soon. Embedded devices are increasingly connected to network resources for additional functionality with the ultimate goal of greater mission capability. Recently, security of connected devices is being scrutinized with highly publicized vulnerabilities of various consumer devices. While several domains are starting to publish new guidelines for cybersecurity there is not… -
The use of manual methods to monitor system controls has essentially become impractical due to the growing number of applicable controls and the increasing frequency at which they are to be evaluated (for the RMF’s near real-time risk assessment). Instead, the NIST guidance strongly suggests that automation be used, to the extent possible, to generate,…
-
Social engineering is the psychological manipulation of a person to gain information or perform some action. Don't be fooled! Watch an example of Social Engineering in this related video: Social Engineering - A Short Story -
Electronic SIMs (or eSIMs) differ from their physical predecessors in that they don't lock users into a specific carrier network and would allow them to switch any device between an network instantly. eSIMs are already in select wearables, phones and PCs. It's easy to predict that eSIMS will be in a majority of IoT devices…
-
The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated assessment. This document, Volume 2 of NISTIR 8011, addresses the Hardware Asset Management (HWAM) information security capability. The…
-
This volume introduces concepts to support automated assessment of most of the security controls in NIST Special Publication (SP) 800-53. Referencing SP 800-53A, the controls are divided into more granular parts (determination statements) to be assessed. The parts of the control assessed by each determination statement are called control items. The control items are then…
-
As technology continues to evolve, the courts are being asked to apply existing laws to the new technology. In some cases, the answer is fairly straightforward, but in other cases it is more complicated and can yield varying outcomes based on how each court understands the technology and the legislators’ intent in passing the law. The presentation addressed cases over the past year in three main areas: (1) “unauthorized access” under the Computer Fraud and Abuse Act (CFAA), (2) encryption, and (3) searches and seizures generally.
-
On June 17, 2010 a small antivirus company established in Belarus discovered the Stuxnet worm. Later research would reveal that an earlier variant of the worm existed at least a year earlier. Stuxnet reputedly caused the physical degradation of some 1000 centrifuges at the Natanz facility in Iran, based on data of the International Atomic…
-
This webinar covers the realities of the Enterprise Mission Assurance Support Service (eMASS): what works well, what does not work, and how to best make it work for you. The webinar discusses how to categorize your system, select applicable controls, and leverage eMASS to assist in this process. Two specific topics that are covered are how inheritance works in eMASS (and does not work) and the tricky business of uploading STIGs/CKLs (and the painful lessons associated with doing it the wrong way). For those attending who don't have eMASS access but will have systems being added to eMASS in the future, we discuss how to best prepare your system for import into eMASS. There are some tricks to the trade that will make life easier for everyone on the project! -
US-Cert released Alert TA17-164A HIDDEN COBRA - North Korea's DDoS Botnet Infrastructure on June 13, 2017. "This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors…
-
Draft NISTIR 8170 provides guidance on how the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) can be used in the U.S. Federal Government in conjunction with the current and planned suite of NIST security and privacy risk management publications. The specific guidance was derived from current Cybersecurity Framework use. To provide federal agencies with…
-
Learn about Personally Identifiable Information (PII). Learn more about PII security awareness by watching this similar video podcast. -
Strengthening the Cybersecurity of federal networks and critical infrastructure.
-
This report was prepared pursuant to Section 401 of the Cybersecurity Act of 2015 (Consolidated Appropriations Act of 2016, Div. N, § 401, Pub. L. 114-113, 129 Stat. 2244, 2977-78 [2015]).
-
An insider threat is a malicious threat to an organization that comes from people within the organization. Learn how to spot some possible indicators of an insider threat. -
CSIAC Webinars - Democratize Anomaly Detection Technologies: Challenges, Advances, and Opportunities
This webinar highlights recent success in demonstrating substantial improvements in the accuracy under control-flow and data-oriented attacks in Linux, including malicious code reuse, security bypass, and service abuse. The webinar also describes exciting future research directions on hardware-assisted fast tracing, anomaly-detection as a service, supporting domain experts for inter-disciplinary anomaly discovery, and standardizing evaluation. -
NIST-approved cryptographic standards were designed to perform well on general-purpose computers. In recent years, there has been increased deployment of small computing devices that have limited resources with which to implement cryptography. When current NIST-approved algorithms can be engineered to fit into the limited resources of constrained environments, their performance may not be acceptable. For…
-
CryptoLocker is exploding and organizations large and small are being hit with ransomware attacks that hold their computers and networks hostage in exchange for ransom. Attacks have halted patient care and effectively stopped organizations in their tracks. Ransomware has been around for years, however, CryptoLocker attacks have risen sharply in recent months leaving organizations exposed and contemplating paying for their data. Join us for an in-depth look at ransomware and how you can avoid being the next target. -
Symantec has released a detailed report on ransomware.
- Load More
