Are you Managing the Risk Management Process?

On December 20, 2018, the National Institute of Standards and Technology (NIST) released the final version of its NIST Special Publication 800-37 Revision 2, a Risk Management Framework (RMF) addressing both security and privacy concerns in IT risk management. This update connects the RMF with NIST’s well-known Cybersecurity Framework (CSF), highlighting relationships that exist between the two documents.

Establishing Your Company’s INFOSEC Policy

Previously, we discussed ways to put Information Security, or INFOSEC, on everyone’s mind through entertaining but informative training. The creation of a security policy goes one step further by letting management and employees know what is expected and what actions are best in the interest of the business.

Calling a Spade a Spade… Incident Classification and Your Response Plan

During a cybersecurity incident response, decisions need to be made quickly and accurately. One way to speed up response is to tailor YOUR incident response strategies and tasks to different types of cybersecurity incidents. By creating an incident classification framework or matrix, you will be able to prioritize incident response efforts and develop meaningful metrics for future remediation.

Analecta Cyber’s Emerging Threats Roundup

Google Play Store removes adware-infected Android apps; 9M user downloads

Security researchers at Trend Micro announced on January 8 they had identified 85 Google Play Store apps that repeatedly displayed ads and maliciously hid while running in the background.

Log Aggregators: Deciding Between Off the Shelf or Rolling Your Own

The NIST Cybersecurity Framework calls on organizations to monitor their information systems to identify unauthorized use, unauthorized local, remote and network connections, and indicators of potential attacks. To do this, NIST suggests collecting and correlating event data from multiple sources and sensors.