The Coronavirus (COVID-19) meets Cyber Security

Real-word viruses and their online counterparts

Real-word viruses and their online counterparts

COVID-19 or the Coronavirus is changing life as we know it. From simple handshakes to finding toilet paper, life has changed tremendously over the past several weeks. Not only is this virus a physical threat, but it is also a threat to cyber-security. Different scams, phishing emails, fake news, and other online threats are spreading just as fast as the virus itself. Just as doctors say frequent hand-washing and respiratory hygiene is the best defense against the coronavirus, cybersecurity professionals stress that computer users need to be wary of what people clicking and downloading online.

Read More

Deploying Mobile Devices Securely For The SMB

Deploying Mobile Devices Securely For The SMB

Secure Mobile Device Deployments

As we all know, mobile devices have become not an integral part of the workplace, but even in society. Therefore, the safe deployment of these devices is of paramount importance not just for individuals, but businesses and corporations, government agencies, as well as other entities.

For example:

Mobile devices have indeed become an integral part of any corporate network, as many employees these days now login from their Smartphone to access shared files and other types of resources.
In fact, mobile devices have become the prime target for the Cyber attacker today. Thus, an understanding of the risks and threats that are out there and how to combat them in a proactive fashion is a must.

Read More

Preliminary Draft of NIST Privacy Framework Released

The NIST Privacy Framework will complement the popular NIST CSF

The NIST Privacy Framework will complement the popular NIST CSF

Data privacy and cyber security have a symbiotic and sometimes conflicting relationship. Without robust cyber security, it is impossible to ensure data privacy, as evidenced by the Equifax hack. However, it’s fully possible for an organization to seriously violate users’ data privacy despite practicing robust cyber security. To help government agencies and private-sector organizations better manage the risks of collecting and storing user data and bring privacy risk into parity with their broader enterprise risk portfolio, NIST has released a preliminary draft of the new NIST Privacy Framework, with plans to publish an initial completed version by the end of 2019.

The NIST Privacy Framework will complement the popular NIST CSF

The structure of the NIST Privacy Framework closely mirrors that of the popular NIST CSF so that organizations can use the frameworks together. “While managing cybersecurity risk contributes to managing privacy risk,” NIST writes, “it is not sufficient, as privacy risks can also arise outside the scope of cybersecurity risks.” The Cambridge Analytica scandal – which came to light when a former employee blew the whistle, not in the aftermath of a data breach – illustrated this in stark relief.

What’s in the NIST Privacy Framework?

Like the NIST CSF, the NIST Privacy Framework has three components, or tiers, which seek to reinforce privacy risk management by helping organizations connect business and mission drivers with privacy protection activities.

The Core component of the Privacy Framework is a set of increasingly granular activities and outcomes to encourage organizational dialogue about managing privacy risks. It contains five main functions; Identify-P, Govern-P, Control-P, and Communicate-P, are for managing privacy risks related to data processing, and Protect-P relates to managing privacy risks associated with privacy breaches.

Organizations will use the Profiles component of the Privacy Framework to self-assess their current privacy risk management activities or desired outcomes and identify opportunities for improvement by comparing them with a desired target profile. Finally, the Implementation component will help organizations determine whether they have sufficient resources and processes in place to achieve their target profile.

The Privacy Framework is technology-agnostic and “flexible enough to address diverse privacy needs, enable more innovative and effective solutions that can lead to better outcomes for individuals and enterprises, and stay current with technology trends.”

The need for a separate privacy framework

Mobility and connected everything have fundamentally altered the way we live and do business, and consumers now enjoy many conveniences from these technologies. Unfortunately, as the NIST Privacy Framework points out, these conveniences are made possible by data collection on a massive scale, and consumers “may not be able to understand the potential consequences for their privacy as they interact with systems, products, and services.” NIST goes on to say that organizations may not fully understand the consequences, either, and this could have severely negative effects on them in the long run.

Although no federal data privacy law is currently in sight, the California Consumer Privacy Act takes effect on January 1, 2020, and other states are passing privacy legislation modeled on the CCPA. While the NIST Privacy Framework will be voluntary, it seeks to implement some method to the madness and standardize the language around data privacy and privacy risk management.

Public comment on the NIST Privacy Framework draft will be open through October 24, 2019.

The cyber security experts at Continuum GRC have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting your organization from security breaches. Continuum GRC offers full-service and in-house risk assessment and risk management subscriptions, and we help companies all around the world sustain proactive cyber security programs.

Continuum GRC is proactive cyber security®. Call 1-888-896-6207 to discuss your organization’s cyber security needs and find out how we can help your organization protect its systems and ensure compliance.