Wednesday, June 28, 2017

Better Business Bureau's work on Cybersecurity (CYBER$3CUR1TY)

While I was at the NIST CSF Workshop, something I learned about is the work being done by the Better Business Bureau on Cybersecurity, especially for small businesses.  This is under the tagline of CYBER$3CUR1TY.

Though to be accurate, this is coming from the Council of Better Business Bureaus, which is the umbrella organization for BBBs in North America.

All of what they have may be found HERE.

Monday, June 26, 2017

A look at the NYDFS requirements for Cybersecurity

Hopefully most people have heard of the new NY State regulations on cybersecurity, usually referred to as the NYDFS regs, or "23 NYCRR 500" or the like.

These went into effect on March 1, 2017 and you can read the regs HERE.  It's just 15 pages.

Now, there are a lot of articles out there on the regs.  So I'm not so much interested in going over in detail what the regs say, but instead want to comment on what is here.

Monday, June 19, 2017


In June of 2015 the FFIEC (Federal Financial Institutions Examination Council) released the first version of their Cybersecurity Assessment Tool (CAT).  The FFIEC, for those not aware, is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions and is made up of 6 different agencies.

The FFIEC already has a set of works called the IT Examination Handbooks, about a dozen, which help set down standards for IT in several areas.  One of interest would be the Information Security one that was finally updated in 2016.

Thursday, June 15, 2017

NIST Cybersecurity Workshop 2017

In May 2017, NIST hosted another Cybersecurity Workshop.  This 2-day workshop was held as part of their process to update the Cybersecurity Framework.  This process actually started a year ago when NIST had a request for comments on how the framework was used, followed by a workshop to review that input and see if there was a need for an update.

A big question was should the update be incremental (a version 1.1) or major (a version 2.0).  The answer was more for an incremental update.

So this was followed by a draft v1.1 update at the end of 2016, followed by another request for comments on the draft, which led to this workshop to review the results and do further work to get to a finished v1.1.

Wednesday, June 14, 2017

BBC Micro:Bit

A new, interesting board aimed at helping kids get into programming is the BBC micro:bit.

They have set up a Foundation to support this device, and they have a lot of information on their website.

You can purchase them from several sources.  In the US, two sources are Adafruit and Sparkfun.  (See the website for a list of re-sellers worldwide.)  Both sell the board at about $15, though you can get a "kit" that includes a USB cable and a battery pack for a couple more bucks.  Both sell an edge connector for the cards, but Sparkfun has one that allows for the board to be attached to a breadboard HERE.

Monday, June 12, 2017

HackMiamiCon5 Report

The weekend of May 20-21 2017, HackMiamiCon5 was held in Miami Beach at the Deauville Resort.  I've been to all 5 conferences and have spoken at the last 4.  Yeah, on Sunday I spoke on Cyber Resilience.

Overall, this was a good conference.  Unlike in the past, we actually had 2 tracks both Saturday and Sunday.  In the past, there was only one track on Sunday.