Picking up where we left off on the security-by-design thinking offered by NIST 800-160 Volume 1, we move onward in Chapter 3, focusing on the technical management processes. Let’s look at some security design principles at the technical processes level. Technical Management Processes: Chapter 3.3 shows us eight processes. Like…
Most business owners are overconfident about their small business cybersecurity postures. Two-thirds of senior-level decision-makers who participated in a 2019 survey said they didn’t believe the small- to mid-sized businesses (SMBs) for which they’re responsible would fall victim to a digital attack. Within this prevailing view, many respondents didn’t view…
Organizations are struggling to pinpoint threats that come from real user accounts. Take insider threats, as an example. In a 2020 report, 68% of IT and security experts felt their employers were somewhat or very at risk of insider attacks. Over half (53%) said it had become at least somewhat harder…
Risk management and risk assessments go hand in hand, and most organizations have completed a security assessment based on maturity models at some point in their existence. However, more companies are realizing the need to complement maturity models with a risk-based approach for assessing their cybersecurity positions. One such risk-based…