NIST publishes NICE Cybersecurity Workforce framework

The National Initiative for Cybersecurity Education (NICE) released Special Publication 800-181, the NICE Cybersecurity Workforce Framework. The framework presents common terminology to be used to support a capable workforce. It provides a common, consistent lexicon that categorizes and describes cybersecurity work by Category, Specialty Area, and Work Role.

The Cybersecurity Jobs Heat Map has also been updated with new data and other features to align with the NICE workforce framework. The CyberSeek portal provides access to the heat map.

 

Do you need Geek-speak to be convinced?

If setting up automatic system updates sounds too simple to be effective in combating cyber-attacks, try this...

employing the auto-configurator to engage both server side and client side dissociated daemons in a distributed multi-tasking environment to update the hierarchical organized services directory and install executable specifications, processing abstractions and physical implementations of application program interfaces, peripheral drivers, communication protocols, dynamically linked libraries, interpretable kernels, and other service components and abstractions to their most immediate revision levels as prescribed by the service vendors.

 

STOP.THINK.CONNECT. - May 15, 2017

Over the weekend there was an international alert about ransomware. This attack was particularly troublesome, because it combined a worm (a kind of malware that looks for ways to spread itself) with a “payload” that was ransomware, asking for a ransom to free up locked files.

The shame of the situation was that simple measures, which we remind users about regularly, could have curbed the infectious nature of this incident. The malware is named “WannaCry”, and it makes you want to cry to realize that following advice about not clicking on suspicious items and updating your system to the latest releases of software could have stopped this massive intrusion on cyber lives.

We are living in a cyber world; we cannot afford this kind of problem. A few simple steps can help avoid disruption.

  • Keep a clean machine – get the latest versions of software and consider automatic updates to services and apps, including your operating system
  • Be web wise – keep aware of threats, think before you act, back up valuable work, and do not install random malware removal tools from untrusted sites

These are simple things. Are they too obvious to be taken seriously? Are you looking for something more technically complex for the advice to be believable? Don’t. Leave that to the technical experts who are constantly providing the complex solutions to make it easy for you.

Just take those simple steps. Clean up your computers, tablets, and smart phones. Be wary of the threats that are posed. Follow the theme put forth by the National Cyber Security Alliance, Stop.Think.Connect and visit their website regularly for information and tips.

 

WORLD PASSWORD DAY - May 4, 2017

Thousands of people and hundreds of global organizations will support WORLD PASSWORD DAY on May 4, 2017. We ask students, faculty, and staff to consider using multi-factor authentication.

As more and more sensitive data is stored online, the effects of cybercrime grow more significant each year. In fact, identity theft is among the fastest growing crimes in America. Passwords are critical gatekeepers to our digital identities, allowing us to access online banking, email, and social media, yet the majority of passwords are vulnerable to hacking. Millions of Americans have had their digital accounts hacked because of stolen credentials or weak logins, but many are not using widely available, simple technologies to better secure their online accounts.

The Center for Cyber Security Awareness and Cyber Defense suggests that you join on May 4 to take a social media pledge to improve your password habits. Go to https://passwordday.org/ to find out more and take the pledge.

 

IoT Breach

We just finished providing advice about Cloudbleed and now we have another incident requiring comment: the CloudPets data breach.

The number of users impacted (800,000) in this case is less important than the nature of this attack. The internet of things is booming. Refrigerators, televisions, cars and toys are becoming targets. Toys used to be push toys, then they became motorized, then they made sounds, and now they are becoming smart. Consumers need to be smart. In the case of toys, information about your children may be getting into the wrong hands.

The National Cyber Security Alliance (the nation's leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness) produced a statement about CloudPets that includes some good advice and an infographic. While much of this is a repeat of the messages from Cybersecurity Awareness Month, you ought to heed their warning. In summary, you need to:

  • Know how to maintain cybersecurity for your IT devices.
  • Own your online presence.
  • Lock down your login.
  • Pay attention to your Wi-Fi in your home.
  • Research before you purchase.

What to do about Cloudbleed?

The full impact of Cloudbleed is still unknown; however, it is "better to be safe than sorry." Cloudbleed provides an opportunity to remind everyone to be more diligent in managing their passwords. Given the millions of transactions performed by Cloudflare for numerous highly recognized websites, anyone's authentication or personal information may have been leaked. No one yet knows if Cloudbleed was exploited. We recommend doing a risk assessment and following the best practices. There are password creation tips provided by Stop Think Connect.

We have published a more complete explanation of "What to do about Cloudbleed" on the MSCS website. This includes:

  • Understanding your risk.
  • Using pass phrases that you can remember.
  • Creating unique pass phrases for unique sites.
  • Using multi-factor or two-factor authentication.

Other Resources for News and Views

There are many websites that provide access to news and views about information security.

These include the following:

While not exactly industry views, here are links to two videos that suggest the importance of cybersecurity technology: