
Subject: Cyber Missions

OCTAVE® FORTE and FAIR Connect Cyber Risk Practitioners with the Boardroom

• Insider Threat Blog
Brett Tucker

Editor's note: This blog post first appeared on the FAIR Institute Blog. Organizations with a mix of cutting-edge technologies and legacy systems need adaptable, agile frameworks that provide executives with a real-time view of cyber risks. They also need tools and processes to ensure that everyone from executives to practitioners practices sound, consistent risk management....

Mapping the Health Insurance Portability and Accountability Act Security Rule to the Cyber Resilience Review

• Insider Threat Blog
Robert Vrtis

This post is also authored by Matt Trevors. The 2003 Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires health care organizations to safeguard electronic protected health information (ePHI). We have recently mapped the practice questions in the Cyber Resilience Review (CRR) to the Security Rule requirements. This post describes the mapping and how organizations can use the CRR alongside the HIPAA Security Rule....

CERT Insider Threat Vulnerability Assessments, ITVA Training Course, and ITVA Certificate Program

• Insider Threat Blog
Mark T. Zajicek

The CERT National Insider Threat Center (NITC) has been researching insider threats since 2001. In this blog post, we provide an overview of the CERT Insider Threat Vulnerability Assessment methodology, the CERT Insider Threat Vulnerability Assessor (ITVA) Training course, and the CERT Insider Threat Vulnerability Assessor Certificate program....

Governing the Internet of Things (IoT)

• Insider Threat Blog
Katie C. Stewart

The Internet of Things (IoT) is proliferating exponentially, exposing organizations to an increased risk of IoT-targeted attacks, such as botnets and DDoS attacks. In this blog post, I explore the challenges of dealing with the IoT and some approaches that organizations can use to reduce their risk as they adopt more IoT technologies....

Mapping the Cyber Resilience Review to the Financial Sector's Cybersecurity Assessment Tool

• Insider Threat Blog
Jeffrey Pinckard

This post is also authored by Michael Rattigan and Robert A. Vrtis. In 2013 the White House directed the nation's critical infrastructure sectors to improve their cybersecurity. The financial sector responded by publishing the Federal Financial Institutions Examination Council's (FFIEC) Cybersecurity Assessment Tool (CAT)--an extensive, thorough method for determining an institution's cyber posture and reporting compliance to regulators, keyed to the National Institute of Science and Technology (NIST) Cybersecurity Framework (CSF). A lightweight, voluntary, no-cost...

Announcing Insider Threat Analyst Training from the CERT National Insider Threat Center

• Insider Threat Blog
Daniel Costa

The CERT National Insider Threat Center (NITC) has recently developed an Insider Threat Analyst Training course. This three-day, instructor-led, classroom-based course presents strategies for collecting and analyzing data to prevent, detect, and respond to insider activity. Students learn various techniques and methods for designing, implementing, and measuring the effectiveness of various components of an insider threat data collection and analysis capability. The course includes instructor lectures and group discussions, as well as hands-on exercises with...

The 3 Pillars of Enterprise Cyber Risk Management

• Insider Threat Blog
Brett Tucker

Equifax. Target. The Office of Personnel Management. Each new cyber hack victim has a story that makes the need for cyber risk management more urgent. Any organization hoping to maintain operational resilience during disruption should implement risk management. Unfortunately, that comes with many unknowns: Which risk management framework to use? Is risk management expensive? What's the return on investment? This post will help you guide your organization out of this decision paralysis by introducing the...
