What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NIST.webp 2022-04-06 12:00:00 A Peek at Privacy: Where We Started, Where We are Now, and What's Next (direct link) As part of NIST's 50th anniversary of cybersecurity, this month's blog post is centered on privacy at NIST. Since many of you have become familiar with the Privacy Engineering Program's popular Venn diagram showing the relationship between cybersecurity and privacy risks, let's use it to show how NIST has expanded and matured its understanding of privacy over the last 50 years. If we go back in time to the 1960s, data privacy really came into focus when the growing use of computers created concerns about secret databases of people's information. The report, Records, Computers, and the Rights
NIST.webp 2022-04-04 12:00:00 NIST Seeks Input on International Aspects of the Cybersecurity Framework, Other Resources (direct link) Addressing global needs is a critical part of NIST's work in the evolution of the Cybersecurity Framework, especially as we continue to see international adaptions and use cases to address emerging risks. Recently translated into French and Ukrainian, the Framework is now available in 10 languages, and additional translations are in the works. With a growing user base around the world, the Framework is primed for an update that draws more deeply on international viewpoints. The recently released Request for Information (RFI) on “Evaluating and Improving NIST Cybersecurity Resources: The
NIST.webp 2022-03-23 12:00:00 Cybersecurity Education and Workforce Development: Employer-Driven and Learner-Centered (direct link) In this installment of our 50th Anniversary of Cybersecurity series, we hear from NIST's Rodney Petersen, Director of the National Initiative for Cybersecurity Education (NICE). In this look back, Rodney offers a brief history of NICE, discusses recent advances in cybersecurity education and workforce development, and shares a few memories from around the community. In this year-long celebration of cybersecurity at NIST, we at the National Initiative for Cybersecurity Education (NICE) are proud to be the first to take a detailed look at some of the advances that have taken place to address
NIST.webp 2022-03-07 12:00:00 Celebrating 50 Years of Cybersecurity at NIST! (direct link) With each day bringing new cybersecurity challenges and advances, it is easy to understand why people feel like it's hard to keep up. It is important to be agile and move quickly to avoid the consequences of cybersecurity attacks, and that need extends to government agencies, like NIST, as we work collaboratively with industry, academia, and government to help meet these challenges. Those of us at NIST realize that we have a responsibility to keep an eye on current needs AND on potential future needs including changes in technologies and threats that could affect the ability of organizations to
NIST.webp 2022-02-16 12:00:00 Our Quest: Advancing Product Labels to Help Consumers Consider Cybersecurity (direct link) For many decades, consumers have relied on labels to help them make decisions about which products to buy. Sometimes the labels make assertions about what ingredients or components the product uses. (What's in that peanut butter?) Other times labels claim a level of performance. (How much storage does that laptop have?) These statements may come from the manufacturer or from a third party who has reviewed and perhaps tested the product. (This appliance has been tested to meet specific electrical safety standards) Labels have assisted manufacturers and retailers to help consumers make more
NIST.webp 2022-01-28 12:00:00 Help Celebrate Data Privacy Week & NIST Privacy Framework's 2nd Birthday! (direct link) Today's blog celebrates Data Privacy Week, an international awareness initiative led by the National Cyber Security Alliance to help spread awareness about online privacy. NIST is very proud to participate again this year in this initiative that was successfully expanded from a single day event to a weeklong effort. At NIST, our NIST Privacy Engineering Program plays an integral role in establishing trustworthiness in information system technologies. This blog aims to highlight NIST's accomplishments in the privacy field, as well as celebrate the two-year anniversary of the NIST Privacy
NIST.webp 2022-01-24 12:00:00 Differential Privacy: Future Work & Open Challenges (direct link) In this series of blog posts, we have tried to give an accessible overview of the state-of-the-art in differential privacy. In this final post, we review some of the open challenges in the practical use of differential privacy, and conclude with a summary of contexts where differential privacy is already ready for deployment and what comes next. Setting the Privacy Parameter The impact of the privacy parameter (or privacy budget) ε has been a consistent theme throughout this series. Conceptually, the privacy parameter is simple: smaller values of ε yield better privacy, and larger values yield
NIST.webp 2022-01-12 12:00:00 Hot Topics in Consumer Cybersecurity Labeling – Our December 2021 Workshop (direct link) On May 12, 2021 the White House released an Executive Order (EO) on Improving the Nation's Cybersecurity which, among other things, tasked NIST to develop cybersecurity criteria and labeling approaches for consumer software and Internet of Things (IoT) products. Activity since then includes a call for papers, multiple workshops, draft criteria, and processing all of the feedback received. The goal of the latest workshop on December 9th was to provide the community an update, answer questions, and gather a final round of feedback which will be factored into final criteria to be released at the
NIST.webp 2021-12-21 12:00:00 How to deploy machine learning with differential privacy (direct link) We are delighted to introduce the final guest authors in our blog series, Nicolas Papernot and Abhradeep Thakurta, research scientists at Google Brain, whose research explores applications of differential privacy to machine learning. - Joseph Near and David Darais Previous posts in this series have explored differential privacy for traditional data analytics tasks, such as aggregate queries over database tables. What if we want to use state-of-the-art techniques like machine learning? Can we achieve differential privacy for these tasks, too? Machine learning is increasingly being used for
NIST.webp 2021-12-15 12:00:00 NIST Launches New International Cybersecurity and Privacy Resources Website (direct link) Every day, NIST cybersecurity and privacy resources are being used throughout the world to help organizations manage cybersecurity and privacy risks. To assist our international colleagues, NIST has launched a new International Cybersecurity and Privacy Resources Site. The site includes translations of the Cybersecurity Framework, including a newly published Indonesian translation. You can get more information and add to this list by reaching out to intl-cyber-privacy [at] nist.gov. Check out this site for information on upcoming international events with NIST participation, links to these
NIST.webp 2021-12-02 12:00:00 Convergent Evolution: SP 800-213, the Federal Profile, and the IoT Cybersecurity Catalog (direct link) NIST has been engaged for several years in developing guidance for Internet of Things (IoT) cybersecurity. We've held workshops, talked with stakeholders, published drafts, listened to your feedback, refined the content and presentation of our draft guidance, and now are proud to present the updated SP 800-213 and the updated catalog of capabilities in SP 800-213A. But always remember: The goal is to manage your risk … The IoT Cybersecurity Act of 2020 stated requirements for NIST to provide guidance for federal agencies on “the appropriate use and management by agencies of [IoT] devices”
NIST.webp 2021-11-29 12:00:00 Utility Metrics for Differential Privacy: No One-Size-Fits-All (direct link) In previous posts we discussed different ways to implement differential privacy, each of which offers some trade-off between privacy and utility. But what does “utility” mean, and how do we know we are preserving it? To discuss this topic, we are delighted to introduce another guest author in our blog series, Claire McKay Bowen, Lead Data Scientist for Privacy and Data Security at the Urban Institute. Claire's research focuses on assessing the quality of differentially private data synthesis methods and science communication. In 2021, the Committee of Presidents of Statistical Societies Guideline
NIST.webp 2021-11-03 12:00:00 Privacy-Enhancing Cryptography to Complement Differential Privacy (direct link) In previous posts we discussed many aspects of differential privacy: what it is, what it is useful for, and how it is applied to data analysis problems. All of those ideas can be applied once you get your hands on a whole dataset. What if the data you are interested in extracting insights from belongs to mutually distrusting organizations? For example, say you run a pumpkin spice latte stand and are wondering if your pumpkin spice supplier is overcharging you compared to the industry-wide average. You are willing to participate in a study that computes this average, but not comfortable giving
NIST.webp 2021-10-27 12:00:00 Cybersecurity Awareness Month: Cybersecurity First (direct link) This week's blog post highlighting Cybersecurity Awareness Month is from NIST's Marian Merritt, Deputy Director and Lead for Industry Engagement for the National Initiative for Cybersecurity Education (NICE). In this post, Marian discusses ways to minimize cybersecurity risks for small businesses. How did you end up at NIST working on small business cybersecurity projects? Like many in the cybersecurity industry, my career path to my current role was anything but a straight line. I began in the marketing field, working in consumer-packaged goods. It was that experience translating consumer Guideline
NIST.webp 2021-10-12 12:00:00 Cybersecurity Awareness Month: Fight the Phish (direct link) This week's blog post highlighting Cybersecurity Awareness Month is from NIST's Dr. Shaneé Dawkins, Computer Scientist in ITL's Visualization and Usability Group. In this post, Shaneé discusses Phishing attacks and scams, as well as ways to keep your information protected. How did you end up at NIST working on cybersecurity projects? I have been a computer scientist in ITL's Visualization and Usability Group for about 10 years conducting research on the human aspects of information technology. At the end of 2019, an opportunity was presented to join the group's Usable Cybersecurity program and
NIST.webp 2021-10-04 12:00:00 Cybersecurity Awareness Month: Explore. Experience. Share (direct link) This week's blog post highlighting Cybersecurity Awareness Month kicks off our series and is from NIST's Dave Temoshok, Senior Advisor in the Information Technology Laboratory Applied Cybersecurity Division. In this post, Dave discusses how to “Be Cyber Smart” with passwords by using Multifactor Authentication best practices. How did you end up at NIST working on cybersecurity projects? I currently serve as the Senior Advisor in the NIST Information Technology Laboratory Applied Cybersecurity Division. In general, I am responsible for digital identity management standards, guidance, and
NIST.webp 2021-09-13 12:00:00 Virtual Events Amplify NIST’s Cybersecurity and Privacy International Engagements (direct link) For the past many months, NIST has taken advantage of the shift to online events to deepen our international engagement. NIST looked overseas as we kicked off our virtual Cybersecurity Risk Management webinar series in May, along with our co-hosts from the Center for Cybersecurity Policy and Law. The event on May 25 drew registrants from over 70 countries and we shared and heard perspectives on international cybersecurity risk management. The event featured a panel discussion with speakers from Microsoft, NTT, the National Cyber Security Centre Ireland, and NIST focusing on the release of
NIST.webp 2021-08-11 12:00:00 Staff Spotlight: NIST’s Human Factors Scientist (direct link) For years, NIST has been conducting research in the areas of human-centered design and evaluation, usable cybersecurity, public safety communication technology, augmented-reality usability, biometrics usability, human factors, and cognitive engineering. We asked Yee-Yin Choong, a Human Factors Scientist in the Visualization and Usability Group, Information Technology Laboratory at NIST about her research and experience working in this unique field. Yee-Yin's research goal is to understand people's perceptions, expectations, experiences, and behaviors of human-system interactions – including
NIST.webp 2021-07-22 12:00:00 Automatic Proofs of Differential Privacy (direct link) We are excited to introduce our fourth guest author in this blog series, Chike Abuah, PhD student in computer science at the University of Vermont, whose research expands the state of the art in the subject of this blog post: static and dynamic analysis approaches to automatic proofs of differential privacy. - Joseph Near and David Darais Previously, we have discussed some differentially private algorithms and implementation bugs which can cause these algorithms to fail to protect privacy in practice. Previous posts have described two ways of addressing this problem: automated testing and
NIST.webp 2021-07-19 12:00:00 IoT Non-Technical Supporting Capabilities: You Talked, We Listened (direct link) As part of our ongoing community engagement following the publication of four IoT cybersecurity draft documents in December 2020, NIST conducted a quartet of roundtable discussions in June 2021 focused on draft NISTIR 8259B, IoT Non-Technical Supporting Capability Core Baseline. The roundtables spanned four weeks, and addressed the four core capabilities defined in NISTIR 8259B as well as general discussions on applying the baseline: June 8: Documentation June 15: Information Reception and Dissemination June 22: Education and Awareness June 29: Applying the non-technical capabilities baseline
NIST.webp 2021-06-29 12:00:00 Small Devices Can Cause Big Problems: Improving Enterprise Mobile Device Security (direct link) Mobile phones, those mini-computers in our pockets, are a permanent fixture in today's workplace. Managing and securing them is no simple task. Gema Howell, computer scientist and mobile device project lead at the National Institute of Standards and Technology's (NIST's) National Cybersecurity Center of Excellence (NCCoE), joined us for a recent Learning Series* webinar to discuss the challenges of enterprise mobile device security and privacy. She also shared tips for securing mobile devices. Below is a sneak peek into the discussion. You can watch the entire webinar here. Assess the Risks Guideline
NIST.webp 2021-06-22 12:00:00 Testing for Differential Privacy Bugs (direct link) We are excited to introduce our third guest author in this blog series, Dan Kifer, Professor of Computer Science at Penn State. Dr. Kifer's research spans many topics related to differential privacy and social data, and a selection of his work represents the state of the art in the subject of this blog post: testing methods for detecting differential privacy bugs. - Joseph Near and David Darais In the last post, we learned that it is fairly easy to introduce bugs in the design and implementation of differentially private algorithms. We also learned that it can be difficult to find them. In
NIST.webp 2021-06-16 12:00:00 The US Cyber Games Launch First-Ever US Cybersecurity Team (direct link) Many of you might know me as the director of the National Initiative for Cybersecurity Education (NICE). NICE is a public-private partnership between academia, industry, and government that is promoting and energizing a community working together to advance an integrated ecosystem of cybersecurity education, training, and workforce development. Therefore, it should not be surprising that NICE is partnering with Katzcy, a SWaM (Small, Women-owned, and Minority-owned Business) certified Virginia firm, and others to stand up the first-ever US Cyber Games competition and national team. However
NIST.webp 2021-06-09 12:00:00 NIST Releases Tips & Tactics for Control System Cybersecurity (direct link) The impact of cybersecurity breaches on infrastructure control system owners/operators is more visible than ever before. Whether you work for an infrastructure owner/operator or are a consumer of an infrastructure service, the events of the past few months have made it clear that cybersecurity is an important factor in ensuring the safe and reliable delivery of goods and services. For infrastructure control system owners/operators, it can be challenging to address the range of cybersecurity threats, vulnerabilities and risks that can negatively impact their operations, especially with limited
NIST.webp 2021-05-25 12:00:00 Differential Privacy Bugs and Why They're Hard to Find (direct link) In previous posts we have explored what differential privacy is, how it works, and how to answer questions about data in ways that protect privacy. All of the algorithms we've discussed have been demonstrated via mathematical proof to be effective for protecting privacy. However, when translating these algorithms from paper to code, it's possible to introduce bugs in the resulting software which can result in failure to protect privacy. In this post we'll explore what these bugs typically look like, why it is so hard to detect them, and approaches to software assurance that can ensure your
NIST.webp 2021-05-19 12:00:00 The Foundation for Interoperable and Portable Security Automation is Revealed in NIST's OSCAL Project (direct link) Today's blog is from Michaela Iorga, Senior Technical Lead of the Computer Security Division (CSD) in the Information Technology Laboratory at NIST. Michaela's team at NIST is working with the industry to develop the Open Security Controls Assessment Language (OSCAL). OSCAL is a set of formats expressed in XML, JSON, and YAML. These formats provide machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results. We asked Michaela a series of questions about the OSCAL project, which have been answered by her, below. Why was the Guideline ★★★
NIST.webp 2021-05-13 12:00:00 NIST Cybersecurity and Privacy International Engagement Updates (direct link) A lot has changed for all of us over the last year as the result of the pandemic. In the NIST Information Technology Laboratory (ITL), we have continued our international engagement in new and creative ways, leading to more robust and meaningful discussions with our stakeholders. It's more critical than ever for NIST to work with and learn from our partners around the world, particularly in the areas of cybersecurity and privacy. We're excited to share some updates in these areas and look forward to more collaboration in coming months! Translations of key documents often are an essential step Guideline
NIST.webp 2021-05-13 12:00:00 RSA Conference 2021 to Showcase Resilience, Featuring NIST Experts (direct link) The RSA Conference 2021 kicks off virtually May 17, and NIST's cybersecurity experts will be on hand out of the gate to discuss the latest in cybersecurity guidance, practical solutions, and metrics. The conference theme this year is Resilience – an especially timely theme for a world wearied by a year of pandemic. The sudden, massive uptick in working from home, distance learning, and telehealth in late March 2020 illustrated more starkly than ever before the imperative of effective cybersecurity. Widespread cyber attacks made clear the necessity of resilient networks, systems, and tools. As
NIST.webp 2021-05-03 12:00:00 Differentially Private Synthetic Data (direct link) In this series, we've examined several different ways to answer queries over data using differential privacy. So far each approach requires changing the way we answer queries - usually by adding noise to the answer - and modifying the tools we would normally use for analyzing data. What if we want to use existing data analysis tools, but still protect privacy? For example, the marketing department of our pumpkin spice latte company might be accustomed to exporting sales data to a spreadsheet at the end of each month to analyze sales trends using a popular spreadsheet application. They would
NIST.webp 2021-04-14 12:00:00 Join the Team! Announcing the Launch of the NIST Privacy Workforce Public Working Group (direct link) When it comes to managing privacy risks, workforce is a key consideration. According to a recent IAPP/FairWarning report, on average, even mature privacy programs have only three employees dedicated to privacy. This is why we included workforce as a priority area in the NIST Privacy Framework Roadmap. The benefits of using the Privacy Framework are enhanced when organizations have a sufficient pool of knowledgeable and skilled privacy professionals to draw from. In response to stakeholder challenges with privacy workforce recruitment and development, we are planning to create a privacy
NIST.webp 2021-03-25 12:00:00 Differential Privacy for Complex Data: Answering Queries Across Multiple Data Tables (direct link) We are excited to introduce our second guest author in this blog series, Xi He, assistant professor of Computer Science at the University of Waterloo, whose research represents the state of the art in the subject of this blog post: answering queries with joins while preserving differential privacy. - Joseph Near and David Darais So far in this blog series, we have discussed the challenges of ensuring differential privacy for queries over a single database table. In practice, however, databases are often organized into multiple tables, and queries over the data involve joins between these
NIST.webp 2021-03-24 12:00:00 Stakeholders: The “Be-All and End-All” of NIST's Cybersecurity and Privacy Work (direct link) When it comes down to it, NIST's cybersecurity and privacy work is all about its stakeholders. Our researchers and other staff can do the most extraordinary work to advance the state of the art or solve problems in these areas – but our success truly should only be measured by the difference we make in providing the best possible and most useful tools and information. That's why we put such a high premium on engaging with the public and private sectors, academia, and other stakeholders. NIST counts on developers, providers, and everyday users of cybersecurity and privacy technologies and
NIST.webp 2021-03-15 12:00:00 NIST Risk Management Framework Team Did Some Spring Cleaning! (direct link) Check out our new and improved Risk Management Framework (RMF) website that better highlights the resources NIST developed to support implementers. In addition to the look, we have: updated the layout of the site to focus on the RMF steps, identified specific resources and tools available for each RMF step, included supporting NIST publications for each RMF step, updated the RMF logo, and Featured resources specific to the NIST Security and Privacy Controls in Special Publication (SP) 800-53, such as: a new, web-based version of the SP 800-53, Revision 5 controls and SP 800-53B control
NIST.webp 2021-02-24 12:00:00 There's Still Time to Comment on IoT Cybersecurity Guidance – Send Us Your Feedback Today! (direct link) Throughout this snowy winter, NIST has been listening to the valuable feedback received on our recent flurry of IoT cybersecurity guidance drafts, including draft NISTIRs 8259B, 8259C, 8259D, and draft Special Publication 800-213. We have extended the comment deadline for all four draft publications to February 26th, and we hope reviewers will use the extra time to let us know what they think about this exciting new work. To those who have already submitted comments and reviews on the draft publications, thank you! We also want to thank everyone who participated virtually in our January 26th
NIST.webp 2021-02-02 12:00:00 2021: What's Ahead from NIST in Cybersecurity and Privacy? (direct link) In 2020, NIST prioritized helping individuals and organizations shift to a more online environment to keep people safe and our economy productive. Despite the many challenges brought by the pandemic, we were fortunate to be able to continue our work on an array of new resources to help manage cybersecurity and privacy risks. As NIST looks ahead to the “new normal,” we plan to build on lessons learned during the pandemic and to be even more strategic in anticipating and tackling the many challenges ahead. We've made New Year's resolutions: to increase our attention on managing cybersecurity
NIST.webp 2021-01-14 12:00:00 Happy First Birthday, NIST Privacy Framework! (direct link) Grab a cupcake or several (no judgement) and join us in celebrating the first birthday of the NIST Privacy Framework! Here at NIST, we feel like proud parents supporting the framework's implementation over the past year, listening to all the amazing things stakeholders have to say, and learning from the organizations who are already using it. We have lots of “gifts” for you, our stakeholders, so read on to learn all about them! One Year with the Privacy Framework Like everyone, we can't say good-bye fast enough to 2020, but there's no doubt that the attention that the framework has been getting ★★★★★
NIST.webp 2020-12-18 12:00:00 Cybersecurity Insights Blog: Year-In-Review 2020 (direct link) We can all agree that 2020 has been a year we won't forget anytime soon. Faced with unanticipated challenges, new concerns, and constant adjustments forced by the global pandemic, we were compelled to rethink the ways in which we work, study, and socialize. In many cases, this meant transferring day-to-day activities to an online environment, which pushed organizations of every kind to re-examine their approaches to cybersecurity. A positive note is that these changes presented a prime opportunity to highlight the criticality of cybersecurity and promote increased awareness and best practices
NIST.webp 2020-12-17 12:00:00 Summation and Average Queries: Detecting Trends in Your Data (direct link) This post is part of a series on differential privacy. Learn more and browse all the posts published to date on the differential privacy blog series page in NIST's Privacy Engineering Collaboration Space. In our last post, we discussed how to determine how many people drink pumpkin spice lattes in a given time period without learning their identifying information. But say, for example, you would like to know the total amount spent on pumpkin spice lattes this year, or the average price of a pumpkin spice latte since 2010. You'd like to detect these trends in data without being able to learn
NIST.webp 2020-12-15 12:00:00 Rounding Up Your IoT Security Requirements: Draft NIST Guidance for Federal Agencies (direct link) IoT devices are becoming integral elements of federal information systems, which is why NIST has released for public review draft guidance on defining federal IoT cybersecurity requirements, including supporting non-technical requirements. These four new documents expand the range of guidance for IoT cybersecurity, with the goal of ensuring IoT devices are integrated into the security and privacy controls of federal information systems. This figure illustrates the relationships among the documents. The new documents are: SP 800-213, IoT Device Cybersecurity Guidance for the Federal Government
NIST.webp 2020-10-29 12:00:00 Counting Queries: Extracting Key Business Metrics from Datasets (direct link) This post is part of a series on differential privacy. Learn more and browse all the posts published to date on the differential privacy blog series page in NIST's Privacy Engineering Collaboration Space. How many people drink pumpkin spice lattes in October, and how would you calculate this without learning specifically who is drinking them, and who is not? While they seem simple or trivial, counting queries are used extremely often. Counting queries such as histograms can express many useful business metrics. How many transactions took place last week? How did this compare to the previous ★★★
NIST.webp 2020-10-26 12:00:00 Essential Cybersecurity for the Hotel Tech Community (direct link) In recent years criminals and other attackers have compromised the networks of several major hospitality companies, exposing the information of hundreds of millions of guests.[1] A hotel property management system (PMS) is a prime target for attackers – it serves as the information technology operations and data management hub of a hotel and could give a criminal access to a trove of valuable data. To address these challenges, NIST's National Cybersecurity Center of Excellence (NCCoE) collaborated with the hospitality business community and cybersecurity technology providers to demonstrate how ★★★★★
NIST.webp 2020-10-20 12:00:00 Cybersecurity Awareness Month: What's New at NIST on IOT Security? (direct link) Here's a one-question multiple-choice test: What's new at NIST on Internet of Things (IoT) security? (a) SP 800-213: IOT Device Cybersecurity Guidance for the Federal Government: An Approach for Establishing IOT Device Cybersecurity Requirements (b) NISTIR 8259X: Profiles of the IOT Core Baseline for the Federal Government (c) Essay: Creating a Profile of the IOT Core Baseline (d) All of the above The correct answer is: (d) Thank you to everyone who participated in NIST's July workshop on Building the Federal Profile For IoT Device Cybersecurity: Next Steps for Securing Federal Systems and
NIST.webp 2020-10-19 12:00:00 Cybersecurity Awareness Month: Securing Internet-Connected Devices in Healthcare (direct link) The healthcare industry is increasingly relying upon internet-connected devices and solutions to improve patient care, organizational efficiency, speed of crisis response, and much more. The emergence of telemedicine, digital health records, internet-connected medical devices, patient wellness apps, and an increasing amount of third parties entering the health supply chain has created many benefits, but has also exposed the industry to vulnerabilities that cyber criminals regularly attempt to exploit. Last week's Cybersecurity Awareness Month blog highlighted Julie Haney's, Ph.D., lead for the Guideline
NIST.webp 2020-10-13 12:00:00 (Déjà vu) Cybersecurity Awareness Month: Securing Devices at Home and Work (direct link) 2020 saw a major disruption in the way many people work, learn, and socialize online. Our homes are more connected than ever. Our businesses are more connected than ever. With more people now working from home, these two internet-connected environments are colliding on a scale we've never seen before, introducing a whole new set of potential vulnerabilities for users. The second blog highlighting NIST resources for Cybersecurity Awareness Month is from NIST's Julie Haney, Ph.D., lead for the NIST Usable Cybersecurity Program. In this blog post, Dr. Haney discusses some of the steps users and Guideline
NIST.webp 2020-10-01 12:00:00 Selecting Security and Privacy Controls: Choosing the Right Approach (direct link) Recently, NIST published a significant update to its flagship security and privacy controls catalog, Special Publication 800-53, Revision 5. This update created a set of next generation controls to help protect organizations, assets, and the privacy of individuals and, equally important, manage cybersecurity and privacy risks. So now that the publication is here, how should you use this extensive catalog of controls that covers everything from multifactor authentication to incident response? How do you select the right controls for your organization and the associated security and privacy ★★★
NIST.webp 2020-09-30 12:00:00 NIST Celebrates October as Cybersecurity Awareness Month (direct link) NIST is once again proud to be celebrating Cybersecurity Awareness Month this October! As this year has been one of the more challenging in memory, it is imperative that we continue to remember the importance of cybersecurity across the nation and ensure that all Americans have the resources they need to be more secure online. To show our dedication to cybersecurity, we have teamed up with the National Cyber Security Alliance (NCSA) to be a 2020 Champion Organization, which means we are dedicated to promoting a safer, more secure, and more trusted Internet. NIST, along with NCSA, other ★★
NIST.webp 2020-09-23 12:00:00 The Next Generation Security and Privacy Controls-Protecting the Nation's Critical Assets (direct link) It has been seven years since the last major update to NIST's flagship security and privacy guidance document Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations. Since 2013, the publication has been accessed or downloaded from the NIST web site millions of times. This month, NIST unveiled an historic update to its security and privacy controls catalog that will provide a solid foundation for protecting organizations and systems, including the personal privacy of individuals, well into the 21st century. NIST SP 800-53, Revision 5 is not just a ★★
NIST.webp 2020-09-15 12:00:00 Threat Models for Differential Privacy (direct link) This post is part of a series on differential privacy. Learn more and browse all the posts published to date on the differential privacy blog series page in NIST's Privacy Engineering Collaboration Space. It's not so simple to deploy a practical system that satisfies differential privacy. Our example in the last post was a simple Python program that adds Laplace noise to a function computed over the sensitive data. For this to work in practice, we'd need to collect all of the sensitive data on one server to run our program. What if that server gets hacked? Differential privacy provides no Threat
NIST.webp 2020-09-14 12:00:00 Staff Spotlight: NIST Post-Quantum Cryptography (direct link) In July, NIST announced the third-round candidates for the Post Quantum Cryptography (PQC) Standardization Project, intended to determine the best algorithms to help form the first post-quantum cryptography standard. For decades, NIST has been actively involved in cryptography, and NIST mathematicians like Dr. Angela Robinson predict future quantum computers could break the current public-key cryptography tools. A solution is needed now to protect many current websites and applications from future attacks. We asked Dr. Robinson several questions about her work with post-quantum cryptography
NIST.webp 2020-08-21 12:00:00 Building the Federal Profile for IoT Device Cybersecurity | Post-Workshop Update (direct link) Thanks to everyone who attended our July 22-23 workshop, Building the Federal Profile for IoT Device Cybersecurity: Next Steps for Securing Federal Systems. And, of course, a special “thank you” to our panelists including government and industry representatives from around the United States and abroad. We were pleased to see over 500 participants – including nearly 200 attendees from the federal government representing nearly 30 agencies, as well as, state, local, and international government bodies. We were also grateful to have in attendance members of Congress, the news media, attorneys
Last update at: 2024-05-19 18:08:04