Should I Use NIST 8228 or NIST 8259 for IoT Design or IoT Testing?

by John Verry | Jun 3, 2020 | IoT Security

Reading Time: 4 minutes I am on record as largely being a very big fan of NIST guidance. My only significant complaint being that they often produce too many forms of interrelated guidance on a single subject, often cross-referenced to dozens of other NIST...

GDPR, CCPA and the NIST Privacy Framework, OH MY!

by John Verry | Feb 13, 2020 | Privacy

Reading Time: 4 minutes GDPR, CCPA and the NIST Privacy Framework, OH MY! Like Dorothy in The Wizard of Oz, those of us concerned with privacy regulations seem to be following a yellow brick road. Although where this one ends there’s no all-powerful and...

Collection 1 Breach – Why You Need Password Management (and 2FA)

by Michael Gargiullo | Mar 19, 2019 | InfoSec Strategies

Reading Time: 2 minutes Even this era of near-daily data breach headlines, the Collection 1 trove gives one pause. What is being called the largest public breach ever is apparently just the tip of a gargantuan, 4TB iceberg of unique emails and passwords,...

NIST CSF Tiers and Profiles for Dummies… (or Senior Management)

by John Verry | Feb 4, 2019 | ISMS Consulting

Reading Time: 2 minutes Okay, that was harsh… But anyone who has had the “pleasure” of explaining the “simple complexity” of the NIST Cybersecurity Framework to management or other non-technical folks understands how challenging it can be. As the Virtual...

What is a NIST Penetration Test?

by John Verry | May 11, 2018 | Penetration Testing

Reading Time: 3 minutes Editor’s Note: This post was originally published in June 2013 and has been updated for accuracy and comprehensiveness. NIST/FISMA guidance is generally more prescriptive than most other forms of information security guidance....