
I was perusing NIST SP 800-61 (titled “Computer Security Incident Handling Guide”, for those not familiar with it) the other day and noticed a good resource of pre-built incident handling tabletop scenarios in one of its appendices. This…
Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “NIST Requesting Feedback on Draft SHA-3 Hash Algorithm”, 2) “Home Internet Security – Part…
NIST recently released their draft for the FIPS 202 standard, otherwise known as the SHA-3 hash, and are requesting public comment. Based on the Keccak algorithm, the new standard provides six hash functions, including four fixed-length and two extendable…
Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “NIST Offers Draft Security Engineering Guidance”, 2) “Forget this Network – The Unfortunate Best…
It’s nice to see NIST offer some official guidance on this aspect of security, where we build security in versus tacking it on at the end. Don’t expect anything new as organizations have been doing this for the past decade…
Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “NIST Issues Draft of Updated RNG Guidance…Sans Flawed Dual_EC_DRBG Algorithm”, 2) “Bolstering Security with…
In the wake of concerns over potential NSA tampering with NIST’s random number generator guidance, the standards organization has released the first updated draft of Special Publication 800-90A Revision 1, titled “Recommendation for Random Number Generation Using Deterministic Random Bit Generators.”…
NIST finally released their official Cybersecurity Framework earlier this week. As usual not everyone is happy about this great accomplishment. The removal of the privacy appendix in January and the lack of incentives frustrated many. Personally, I am not necessarily…
Geez … not only do agencies have to meet some DHS-based continuous monitoring paper-pushing deadline, but they end up having to reshuffle everything given new guidance. This article summarizes that new guidance and discusses how agencies can integrate its…
Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “Are You Paid More Than a CISSP?”, 2) “NIST…Where Best Practice Unicorns Go To…