Archive for NIST Computer Security
You are browsing the archives of NIST Computer Security.
NIST (National Institute of Standards and Technology) has announced a new Special Publications (SP) series of documents called SP-1800, intended to augment the SP-800 series. SPECIAL PUBLICATIONS – [nist.gov] SP 1800, NIST Cybersecurity Practice Guides (2015-present): A new subseries created to complement the SP 800s; targets specific cybersecurity challenges in the public and private sectors; […]
Advanced Persistent Threat (APT) is a kind of attack that comes from a team with advanced skills, deep resources, and specific targets. They use advanced tools and techniques that are capable of circumventing defenses. They use stealth and demonstrate good situational awareness in evaluating the state of the defenders they face. They respond quickly and with […]
The NIST Risk Management Framework (RMF) is a six-step process as follows: Categorize both the information and the system based on impact. Select a baseline set of security controls. Implement the controls. Assess the effectiveness of the security controls. Authorize the system to operate. Monitor the ongoing state of protection the security controls are […]
The NIST revision to 800-53 controls that is known as rev4 added new controls related to insider threats. PM-12 (0) INSIDER THREAT PROGRAM – this is the master control requiring an insider threat program, including a team that is focused on insider threat incident handling. The team needs to have cross-discipline representation that allows them […]
We want to trust that the measures we take to protect our information systems are working. But we need concrete reasons to hold that trust. We need proof that our defensive controls are doing the job and are actually protecting the system. Those reasons and that proof are known as “Assurance”. Trust tends to be […]
NIST periodically revises their catalog of security controls, “NIST SP 800-53 Recommended Security Controls for Federal Information Systems”. Rev 4 is the most recent version. Here are some of the changes: BASELINES A few existing controls have been re-assigned to new IMPACT level baselines Many new controls have been added – some are not assigned […]
Network security monitoring includes intrusion detection, audit log correlation and analysis, and other methods of detecting failures of our network protections. Continuous monitoring is not the same thing. Continuous monitoring is the process of checking our security controls to make sure they are working. Here is an article that explains some of the background: Continuous […]
NIST is working on a DRAFT revision to 800-53 controls that is known as rev4. The new controls include materials related to insider threats. PM-12 (0) INSIDER THREAT PROGRAM – this is the master control requiring an insider threat program, including a team that is focused on insider threat incident handling. The team needs to […]
It is a mantra of quality improvement methodology that you can’t manage what you don’t measure. Security metrics are the measurements that allow management of information security. As functions and requirements change from one network and organization to another, so will the requirements and design of security metrics. But there are some standard and central […]
Security controls are functions, counter-measures, processes, safeguards and other efforts to minimize any potential impact from security risks. Security controls come in many different forms and categories: Policy and procedures – define ways to do things, establish methodologies for processes Proactive/Preventive controls – attempt to prevent security events from occurring Monitoring/Detection controls – establish ways […]