-
Jan 13, 2025 | 
techtarget.com | Karen Scarfone
By Karen Scarfone, Scarfone Cybersecurity Published: 13 Jan 2025
Business email has been around a long time, but that doesn't mean it's always safe to use -- quite the contrary. As you sit here reading, malicious hackers and other cybercriminals are drawing a target on your company's back.
-
Nov 12, 2024 | 
nist.gov | Cherilyn Pascoe |Stephen Quinn |Karen Scarfone
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved.
-
Oct 21, 2024 | 
nist.gov | Stephen Quinn |Cherilyn Pascoe |Matthew Barrett |Karen Scarfone
This Quick-Start Guide describes how to apply the CSF 2.0 Tiers. CSF Tiers can be applied to CSF Organizational Profiles to characterize the rigor of an organization's cybersecurity risk governance and management outcomes.
-
Jun 5, 2024 | 
nist.gov | Cherilyn Pascoe |Stephen Quinn |Karen Scarfone
Citation NIST International Cybersecurity and Privacy Resources Site Pub Type Websites Citation Pascoe, C. , Quinn, S. and Scarfone, K.
-
Feb 26, 2024 | 
nist.gov | Nicole Keller |Stephen Quinn |Matthew Barrett |Karen Scarfone
The National Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts in defining standardized Online Informative References (OLIRs), which are relationships between elements of documents from cybersecurity, privacy, and other information and communications technology domains. This document assists OLIR Developers in understanding the processes and requirements for participating in the Program.
-
Feb 26, 2024 | 
nist.gov | Nicole Keller |Stephen Quinn |Karen Scarfone |Matthew Smith
Information and communications technology (ICT) domains – such as cybersecurity, privacy, and Internet of Things (IoT) – have many requirements and recommendations made by national and international standards, guidelines, frameworks, and regulations. An Online Informative Reference (OLIR) provides a standardized expression of the relationships between concepts in such documents.
-
Feb 26, 2024 | 
nist.gov | Cherilyn Pascoe |Stephen Quinn |Karen Scarfone
The CSF 2.0 represents a suite of resources (documents and applications) that can be used individually, together, or in combination over time as cybersecurity needs change and capabilities evolve. NIST's materials are designed to reach all audiences and to span across industries and organization types—and this new set of Quick Start Guides focus on popular ways 'how' the CSF can be implemented for the goal of implementing and accessing security solutions quickly.
-
Feb 26, 2024 | 
nist.gov | Cherilyn Pascoe |Stephen Quinn |Karen Scarfone
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved.
-
Nov 16, 2023 | 
nist.gov | Stephen Quinn |Karen Scarfone |Matthew Barrett |Nahla Ivy
, , Karen Scarfone, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Robert Gardner, Julie Chua The increasing frequency, creativity, and severity of technology attacks means that all enterprises should ensure that information and communications technology (ICT) risk is receiving appropriate attention within their enterprise risk management (ERM) programs. Specific types of ICT risk include, but are not limited to, cybersecurity, privacy, and supply chain.
-
Oct 17, 2023 | 
fedtechmagazine.com | Karen Scarfone
Oct 17 2023 Security Better logging means improved network visibility for agencies. While cutting-edge technologies grab our attention, it’s the decades-old field of cybersecurity logging that’s increasingly recognized as critically important for finding and addressing vulnerabilities. The past few years have been full of new cybersecurity logging requirements for federal agencies.
