The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. This policy is subject to change at any time. The owner is not an attorney, and nothing posted on this site should be construed as legal advice. Litigation Support Tip of the Night does not provide confirmation that any e-discovery technique or conduct is compliant with legal, regulatory, contractual or ethical requirements.
Featured on the ACEDS blog.
Follow me on Twitter and see How-To Videos on my YouTube channel.
New tips for paralegals and litigation support profesionals are posted to this site each night. Click on the blog headings for better detail.
NIST is focused on improving cybersecurity in the following areas.
A network penetration goes through a sequence of events. A plan called Coordinated Vulnerability Disclosure, will allow for multiple stakeholders to understand the initial indicators of an attack; its severity; how it can be mitigated; and how the root cause can be addressed. Information sharing is key to disclosure of threats and NIST's SP 800-150 - Guide to Cyber Threat Information Sharing has a 'traffic light' protocol which helps to show when information should be distributed.
NIST is developing a catalog to let those facing a threat select the most appropriate reference.
Small Business Awareness and Resources
NIST recognizes that nearly half of U.S. workers are employed by small businesses. The NISTIR 7621 Revision 1 - Small Business Information Security addresses the needs of small businesses. NIST breaks down cybersecurity awareness for businesses which can't employ people to focus on this area full time.
Governance and Enterprise Risk Management
Getting 'buy-in' from upper management is critical for properly addressing cybersecurity threats. NIST recommends the Baldrige Cybersecurity Excellence Builder as a guide to help organizations manage cybersecurity risk management.