Vartan C.

📌 Q: How can I evidence compliance with NIST SP 800-171? A: Conduct your NIST 800-171 self-assessment. The assessment should be done according to NIST SP 800-171A. That methodology will result in a self-assessment score, which must be submitted via the DoD’s SPRS portal. The goal is an SPRS score of 110 v/ PreVeil Cc: Chris Petersen | Keith Dobbs | Chuck Brooks | Jason Thomas #cloud #cloudsecurity #cloudai #cyberai

17

WHY???????? 96% of CISOs faced a ransomware attack last year..and 83% of those paid.- Splunk There is a better way. Flair Data Systems vCISO's can help you proactively prevent and help you remediate cyberattacks. Schedule 30 minutes with our vCISO's, free of charge, to discuss your cyber needs. #cybersecurity https://lnkd.in/gTvxtibv

3

Beware of the pitfalls with XDR vendors—here’s what you need to watch out for: - XDR is not SIEM: Don't mistake XDR for a log management system. The more logs you shove into it, the worse it performs. XDR is designed for precision, not data hoarding. Manage it wisely, or you'll lose control. - SIEM isn’t XDR: Merely slapping “Nextgen” in front of your SIEM doesn’t transform it into XDR. SIEM is inherently limited by variety and high data volume—understand its boundaries before you push them. - Ignore the hype: Claims that cloud-based XDR offers better correlation are just marketing fluff. Data isolation is crucial, regardless of where it's stored. If your data isn't loaded into the cloud, it should not impact the quality of threat detection. Vendors can upload everything necessary for detection to your on-prem instance. Remember, the main difference between on-prem and cloud is cost and ease of implementation/use. Stay sharp and don’t let vendor slick talk cloud your judgment. #XDR #SIEM

100

9 Comments

Episode 179 of CISO Stories featuring George Finney CSO at Southern Methodist University Available now! Hosted by Todd Fitzgerald, Best-Selling Author of CISO Compass and VP, Cybersecurity Strategy, CyberRisk Alliance Many organizations are starting today down the Zero Trust path. Zero Trust is a strategy (vs an architecture) and to prove the value of this investment, we need to start thinking about metrics to demonstrate value. Join us as we discuss some of the metric directions to consider when moving our organizations towards Zero Trust. #ciso #zerotrust #architecture #cybersecurity #securitystrategy CyberRisk Collaborative, a CyberRisk Alliance Resource. https://lnkd.in/eXTP9-Ks

3

How many of your high-value data sources are you monitoring automatically with an enterprise SIEM tool? If you are an organization with, say, 1000 employees, you should have at least 50 unique data sources (integrations like 365, aws, okta, ndr..). Anything less and it will take months instead of minutes to detect or respond to breaches. Almost all major breaches were due to a complete lack of monitoring coverage, missing events detectable for years. Below is an example of how adequately deployed SIEM/XDR would look from an integration point of view. In addition to the usual cloud, endpoint, and NDR, all other identity, accounting, IOT, SCADA data sources are also auto-inspected. I've seen compromised hospital machines go undetected for years and root SSH access to backup servers from the foyer camera. Onboarding data sources into a SIEM means you've inherited an automated analyst who works 24/7 across all your digital assets. In the image below, at least 50% of the escalations metric are prevented breaches, months in advance. #cybersecurity

18

2 Comments

DONT MISS OUT ON ACQUISITION OPPORTUNITIES! Is 2025 the year you're looking to expand by acquiring a security business? If so, you should be in my buyer's database. To learn about upcoming opportunities, send me an inmessage with your email address, and I'll add you. #buyasecuritybusiness

41

When you create, change or delete computer files, there are many types of data that subsequently should exist. In a similar manner, there also are types of data that should not exist, in the absence of a certain event. For example, if no sale was made, there should be no record of a transaction. If a sale was made, there should be multiple records related to that transaction (i.e. a bill of sale, a credit card charge, a reduction in inventory, etc.) When we are reviewing evidence, the two circumstances that trigger an alarm are: —when data exists… that shouldn’t exist, and  —when data does not exist… that should. In court, we sometimes have to make this crystal clear to a judge, by being both concise and specific. “Your Honor,” we might explain, “If a sales transaction was deleted, there still should be a log file for both the sale as well as the cancellation, because that is how this company’s systems work.” In some cases, unfortunately, when parties have a narrative problem, they may also try to delete or falsify data. If they do this without being fully aware of all the places that related records also exist (or must exist)... and when we spot it, they now have a bigger problem. iDiscovery Solutions #weareiDS #SubjectMatterExperts #DataStrategists #DataProblems #Testimony

26

2 Comments

The world is fighting Organized Cyber Crime with Disorganized and Placebo Cyber Security. $10 trillion costs and losses to cyber crime a year, and $300 billion, poorly spent on Cyber Security. Cyberwar is clearly good for business for some... With the recent issuance of the latest version of CMMC as well as the Digital Operational Resilience Act (DORA), the latter coming into force in January 2025, you'd be forgiven to think our governments are finally getting their act together. Sadly without any disrespect to the efforts these took to author, both lack any real assurance and both will not be met and be abused from the get go. The vast majority of cybercrime stems from the Internet. The word Internet only gets mentioned twice in the below attached DORA paper... Interestingly the EU Commission paper on DNS Abuse in January 2022 used the term DNS 995 times. Utterly bizarrely, DNS is not mentioned once in this DORA paper which is a third-party risk management compliance act. ''Complement periodic questionnaire-based risk assessments with continuous tracking and analysis of external threats to third parties. As part of this, monitor the Internet and dark web for cyber threats and vulnerabilities.'' Internet Assets and DNS Servers are THE VULNERABILITIES. Today I have written to the Financial Conduct Authority, Serious Fraud Office (UK), National Crime Agency (NCA), and Information Commissioner's Office to share information of the UK's challenger digital banks. All fall woefully short of current basic 101 security and regulations, let alone DORA. As Cyber Crime and Fraud continues to destabilise economies and societies, forgive my candidness, these regulations are simply more compliance paperwork for the sake of it. Not once does DORA state - A company must ensure their Internet Assets and Servers are Secure, Controlled, and Managed to protect and secure the organisation, their customers, and shareholders. Instead it says, and I quote: ''Complement periodic questionnaire-based risk assessments...'' This then becomes a subjective, tick box exercise. DORA like GDPR, UKDPA, and CMMC will more than likely see a zero increase in REAL security, third-party or otherwise - it may however see the odd fine... Another missed opportunity and guarantee of; Us, Them, and Digital Whack-a-Mole for security teams. Cybersec Innovation Partners

55

5 Comments

IANS and Artico Search do such an amazing job on this #CISO report every year. If you have any interest in #cybersecurity this is fun stuff. Budgets, salaries, priorities and more -- all sliced up to show overall and industry trends. Page 6 has a really great insight from Steven Martano, but it should be sobering: "Companies that have been hit the hardest by inflation and other macro challenges are cutting back the most—not only in cyber, but in budgets across the board..." While cyber is mostly spared (at a macro level) the problem is that, based on ransomware payout guesswork alone, the threat actors are very likely growing their investments at a much faster rate than your security team. How well do you suppose that works out?

5

The Cybersecurity Mirage: A Systemic Industry Failing. Decades of executive orders, cyber incidents, and warnings from Cybersecurity and Infrastructure Security Agency, coupled with landmark, but impotent regulations like GDPR, CMMC, and soon DORA, have all failed to move the needle on systemic cybersecurity negligence. From the U.S. Department of the Treasury to critical telecommunications, organizations have been repeatedly exposed by foreseeable and preventable vulnerabilities, epitomized by incidents like SolarWinds. Despite these breaches being rooted in basic errors such as misconfigured DNS, faulty PKI implementations, and insecure Internet assets, the response remains pitifully stagnant. Rather than rectifying these foundational failings, many entities deflect blame onto third-party vendors, a convenient scapegoat for self-inflicted lapses. The core issue lies not in the complexity of threats but in the collective inability—or unwillingness—of organizations to prioritize basic security hygiene. Instead of building resilient infrastructures, the Digital Industrial Complex (the Digital counterpart of Military Industrial Complex and shrouded in as much Fog of War) profits from patchwork solutions that serve to perpetuate, rather than resolve, these vulnerabilities. Federal agencies and private enterprises alike treat cybersecurity incidents as unforeseeable events, continue to mask the glaring truth: these crises stem from negligence rather than inevitability and sophistication. Most fail to secure the very assets foundational to digital operations, leading to cascading compromises. Such a culture of deflection and negligence fuels an endless cycle of breaches. Until we confront these systemic issues head-on, reject the profit-driven inertia of the cybersecurity industry, and hold organizations accountable for their inaction, the centrifuge will spin faster. The consequences of these systemic failures, far from hypothetical, threaten national security, economic stability, and public trust in the digital age. It's time we stop settling for reactive apologies and demand proactive accountability. Cybersec Innovation Partners

40

9 Comments

Power up ⚡ your vulnerability remediation cycle with the platform designed to zap 21st century headaches. We're talkin' saving time spent patching, automating your work, and getting back on CISA's good side. Here's how Vicarius helps: 🔹 See everything in one place: Forget siloed data and endless spreadsheets. Vicarius provides a single source of truth for all your vulnerability data. 🔹 Prioritise like a pro: Vicarius goes beyond just severity scoring. It uses real-time context to prioritise vulnerabilities that matter most to your organisation. 🔹 Patch smarter, not harder: Integrate patching for Windows, Linux, Mac, and third-party applications – all from the same platform. 🔹 Automate the mundane: Free yourself from repetitive tasks. Vicarius automates patching, threat mitigation, and even vulnerability scans. Try vRx today, risk-free, pain-free. (Seriously, why wait? ) #vulnerabilitymanagement #cybersecurity #CISA #automatedsecurity #patching

2

A new AD is available for public comments: 3946: NIST SP 800-171 Rev. 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations To post comments, create a FREE account and add comments in the box with the red balloon https://hubs.la/Q02J94Vh0 #unifiedcompliance #cybersecurity #authoritydocuments #riskmanagement

3

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. https://lnkd.in/e6snbZh4 #rhymtech #thinkcyberthinkrhym #rhymcyberupdates

3