Enhancing Cybersecurity: Implementing NIST Cybersecurity Framework (CSF) with COBIT 2019

by

Collaboration concept with human characters and artificial intelligence elements, simulating the NIST Cybersecuriy Framework (CSF) and the Control Objectives for Information and Related Technologies (COBIT) 2019 framework working together.

Today’s digital landscape is rapidly evolving and organizations face an ever-increasing threat of cyberattacks as a quick scan of news headlines about breaches and data leaks, including the recent cybersecurity attack on MGM shows. To address this challenge, it is crucial for businesses to adopt comprehensive cybersecurity frameworks. Two such frameworks that can work harmoniously to fortify your organization’s cybersecurity posture are the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) and the Control Objectives for Information and Related Technologies (COBIT 2019).

In this article, we will explore how an organization can effectively implement the NIST CSF using COBIT 2019, promoting security, compliance, and resilience.

Understanding the NIST Cybersecurity Framework (CSF)

The NIST CSF, developed by the National Institute of Standards and Technology, is a widely accepted cybersecurity framework that offers a structured approach to managing and reducing cybersecurity risk. It is built on five core functions: Identify, Protect, Detect, Respond, and Recover. These functions provide a holistic view of cybersecurity management and assist organizations in identifying vulnerabilities, protecting assets, and responding to security incidents.

Read more

Share

Remote Work Security: Shield Team Members from Cyber Threats

by

Image of remote work employees in different locations like under tree, in hammock, home on sofa with laptop etc.

Introduction

The concept of working from home, or remote work, has become more prevalent than ever before. While it offers convenience and flexibility, it also presents unique challenges, with one of the most pressing being the constant threat of cyberattacks. Cyber criminals are actively evolving their tactics to exploit vulnerabilities in remote work setups.

To safeguard your remote employees, it is crucial to ensure that their digital workspace is protected.

In this article, we will explore the significance of securing remote employees from cyber threat actors and provide actionable mitigation steps in an easily understandable format.

Why Protecting Remote Work Employees is Crucial

The shift to remote work has led to an increase in the attempts by cyber criminals to look for, and exploit vulnerabilities, thus making it imperative to safeguard your remote workforce.

Here are a few reasons why:

Read more

Share

Compliance and Risk Management: Navigating the Waters of Cyber Hygiene

by

Image of compliance and risk management simulation composition with icons of contracts, credit card-magnifying glass and people working.

Introduction

Compliance and risk management are two indispensable tools that can help businesses and organizations bolster their cybersecurity posture. With the constant threat of cyberattacks, data breaches, and regulatory fines, the battle to protect sensitive information and maintain the trust of clients and stakeholders is of paramount importance.

Cybersecurity is the front line defense in this battle, and it’s underpinned by two critical pillars: compliance and risk management.

In this article, we will explore the significance of compliance and risk management in an organization and provide clear steps on how to leverage both to fortify your cybersecurity defenses.

Whether you’re a small startup or a multinational corporation, this guide will help you navigate the complex world of cybersecurity with ease.

Read more

Share

18 Ways to Address Critical Vulnerabilities in Technology Systems

by

Image of a computer screen with a list of ways to protect again system vulnerabilities around it.

Addressing critical vulnerabilities in your enterprise’s systems is crucial for maintaining the security and integrity of your organization’s data and operations.

A recent security assessment of an organization’s information technology systems revealed several critical vulnerabilities that demanded immediate attention. In this article, we  outline 18 necessary steps that could be taken to mitigate identified risks to technology systems.

What is a Vulnerability?

According to The Open Worldwide Application Security Project (OWASP) Foundation, a vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application.

Examples of vulnerabilities could be things like:

Read more

Share

OCTAVE Methodology for Information and Technology Governance

by

Image concept icons of a datacenter environment showing a folder secured with a fingerprint, a laptop with "Data Verification" written on it, and a person sitting a cubicle with a golden key on the floor.

Introduction

In today’s digital age, information and technology governance are crucial for the success and security of any business, regardless of its size. Small businesses, in particular, often face unique challenges when it comes to managing their IT resources and safeguarding their sensitive data. One effective approach to address these challenges is the OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) methodology. In this article, we will explore how small businesses can leverage the OCTAVE methodology to enhance their information and technology governance.

What is OCTAVE?

The OCTAVE methodology is a comprehensive framework developed by the Software Engineering Institute (SEI) at Carnegie Mellon University. It is designed to help organizations identify and manage information security risks effectively. OCTAVE takes a systematic and risk-based approach, focusing on both technical and non-technical aspects of information and technology governance.

Read more

Share

The MGM Cyber Attack: A Masterclass in Risk Management

by

Image of a man pulling on a gear device marked high and low risk, and the words “Robust risk management strategies can prevent a cyber attack” in the background.

The MGM Cyber Attack and Lessons in Risk Management

In the ever-evolving landscape of the digital world, cybersecurity has taken center stage. The MGM cyber attack serves as a stark reminder of the constant threat lurking in the shadows of the web. This unfortunate incident, though disconcerting, offers us a valuable lesson in risk management.

It is crucial to learn from these events and take proactive steps to safeguard our digital assets. In this article, we will explore the MGM cyber attack, the lessons it imparts on risk management, and provide practical mitigation steps and solution examples to help organizations

Understanding the MGM Cyber Attack

Before delving into risk management solutions, let’s take a moment to understand what happened during the MGM cyber attack. In September 2023, MGM Resorts suffered a data breach, leading to the exposure of personal information belonging to customers who transacted with MGM Resorts prior to March 2019. This included names, contact information, gender, dates of birth and driver license number. For a limited number of customers, the hackers also accessed Social Security numbers and passport details. According to Bloomberg, the breach stemmed from a social engineering breach of the company’s information technology help desk. MGM’s experience highlights the importance of robust cybersecurity practices.

Read more

Share
Share
Share