NIST Archives - Secure And Assure

Password Commandments 2024: Thou Shalt Relax a Little!

Let's stop with the security theatre around passwords. Long and strong beats short and complex. Every time.

Sam Glynn2024-09-30T08:27:43+01:00September 26, 2024|Tags: daily, information security, ISO 27001, NIST, passwords|

NIST CSF: Version 2.0 is here.

The NIST Cybersecurity Framework (CSF) has just been updated to Version 2.0. Here’s why you should take a look.

Sam Glynn2024-02-27T08:44:20+00:00February 27, 2024|Tags: accountability, assessment, daily, dora, ISO 27001, NIST, regulatory compliance, risk management, senior executives|

Your doors are more important than DORA

Don’t let your focus on regulatory compliance distract you from checking the locks on your doors.

Sam Glynn2024-02-13T07:58:42+00:00February 13, 2024|Tags: analogy, assessment, backups, daily, dora, home security, IT MSP, Multi-Factor Authentication, NIST, passwords, ransomware, regulatory compliance, service provider, third party risk management|

What has a leaking pipe got to do with cyber security?

Why “drip, drip, drip” reminded me of the NIST Cyber Security Framework.

Sam Glynn2024-01-23T08:00:09+00:00January 23, 2024|Tags: analogy, daily, dora, incident response, NIST, what, whathasthisgottodowithcyber|

IRS: What does reasonable security look like?

How to figure out what IRS (Implementing Reasonable Security) looks like for your organisation.

Sam Glynn2023-11-30T17:30:17+00:00November 29, 2023|Tags: accountability, board of directors, central bank, daily, dora, dpc, gdpr, iaf, NIST, regulators, regulatory compliance, risk management, senior executives|

Don’t listen to me. Listen to Microsoft.

Multi-Factor Authentication is no good unless it’s turned on. And another reason to watch Face/Off

Sam Glynn2023-10-11T07:12:54+01:00September 27, 2023|Tags: assessment, board of directors, central bank, crypto fraud, daily, dark web, dora, dpc, gdpr, interview, Multi-Factor Authentication, NIST, passwords, regulators, regulatory compliance, senior executives, service provider, survey, video|

Don’t change your password

You don’t need to change your password every 90 days. You need to change your policy.

Sam Glynn2022-11-28T08:09:36+00:00November 28, 2022|Tags: daily, Multi-Factor Authentication, NIST, password manager, passwords|

Cyber 3-2-1: A Cyber Security Baseline Standard has just been published in Ireland, Bank of Ireland has been fined €24m for risks that never materialised, and. Ireland’s DPC tells us that If we have a complaint about a neighbour’s use of CCTV, we need to take it up with the courts. This week’s action: Review your Incident Response Plan.

Sam Glynn2021-12-03T09:02:10+00:00December 3, 2021|Tags: bank of ireland, CBI, checklist, cirp, cryptocurrency, cyber321, dao, dpc, framework, godaddy, incident response plan, ncsc, NIST, regulator, third party risk management, tprm|

Cyber 321: 3rd October 2021

Cyber 3-2-1: What can we learn from the HSE attack? When is 2FA worth Sweet FA? Why wouldn’t cyber attackers be too worried about 30 countries working together to tackle the scourge of ransomware? This week’s action: Check for updates.

Sam Glynn2022-02-10T11:42:24+00:00October 3, 2021|Tags: chrome, conti, cyber321, hse, Multi-Factor Authentication, NIST, ransomware, updates, whitelisting|

Cyber 321: 23rd July 2021

Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including why cybersecurity influences the valuation of a fintech, how cyber attackers are after your cryptocurrency, the steps recommended by NIST to reduce the risk of ransomware, the reward offered by the US government for information about cyberattackers and terrorists, and the ongoing problem of password reuse. This week’s action: Find out why passwords are like your toothbrush.

Sam Glynn2022-02-10T11:51:25+00:00July 23, 2021|Tags: cryptocurrency, csf, cyber321, fintech, Multi-Factor Authentication, NIST, passwords, ransomware, startups, valuation|