Monday, June 19, 2017

FFIEC CAT v1.1

In June of 2015 the FFIEC (Federal Financial Institutions Examination Council) released the first version of their Cybersecurity Assessment Tool (CAT).  The FFIEC, for those not aware, is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions and is made up of 6 different agencies.

The FFIEC already has a set of works called the IT Examination Handbooks, about a dozen, which help set down standards for IT in several areas.  One of interest would be the Information Security one that was finally updated in 2016.

Thursday, June 15, 2017

NIST Cybersecurity Workshop 2017

In May 2017, NIST hosted another Cybersecurity Workshop.  This 2 day workshop was held as part of their process to update the Cybersecurity Framework.  This process actually started a year ago when NIST had a request for comments on how the framework was used, followed by a workshop to review that input and see if there was a need for an update.

A big question was should the update be incremental (a version 1.1) or major (a version 2.0).  The answer was more for an incremental update.

So this was followed by a draft v1.1 update at the end of 2016, followed by another request for comments on the draft, which lead to this workshop to review the results and do further work to get to a finished v1.1

Wednesday, June 14, 2017

BBC Micro:Bit

A new, interesting board aimed at helping kids get into programming is the BBC micro:bit.

They have setup a Foundation to support this device, and they have a lot of information on their website.

You can purchase them from several sources.  In the US, two sources are Adafruit and Sparkfun.  (see the website for a list of re-sellers worldwide)  Both sell the board at about $15, tho you can get a "kit" that includes a USB cable and a battery pack for a couple more bucks.  Both sell an edge connector for the cards, but Sparkfun has one that allows for the board to be attacked to a breadboard HERE.

Monday, June 12, 2017

HackMiamiCon5 Report

The weekend of May 20-21 2017, HackMiamiCon5 was held in Miami Beach at the Deauville Resort.  I've been to all 5 conferences and have spoken at the last 4.  Yeah, on Sunday I spoke on Cyber Resilience.

Overall, this was a good conference.  Unlike in the past, we actually had 2 tracks both Saturday and Sunday.  In the past, there was only one track on Sunday.