Monday, June 26, 2017

A look at the NYDFS requirements for Cybersecurity

Hopefully most people have heard of the new NY State regulations on cybersecurity, usually referred to as the NYDFS regs, or "23 NYCRR 500" or the like.

These went into effect on March 1, 2017 and you can read the regs HERE.  It's just 15 pages.

Now, there are a lot of articles out there on the regs.  So I'm not so much interested in going over in detail what the regs say, but instead to comment on what is here.


Monday, June 19, 2017

FFIEC CAT v1.1

In June of 2015 the FFIEC (Federal Financial Institutions Examination Council) released the first version of their Cybersecurity Assessment Tool (CAT).  The FFIEC, for those not aware, is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions and is made up of 6 different agencies.

The FFIEC already has a set of works called the IT Examination Handbooks, about a dozen, which help set down standards for IT in several areas.  One of interest would be the Information Security one that was finally updated in 2016.

Thursday, June 15, 2017

NIST Cybersecurity Workshop 2017

In May 2017, NIST hosted another Cybersecurity Workshop.  This 2-day workshop was held as part of their process to update the Cybersecurity Framework.  This process actually started a year ago when NIST had a request for comments on how the framework was used, followed by a workshop to review that input and see if there was a need for an update.

A big question was whether the update should be incremental (a version 1.1) or major (a version 2.0).  The answer was more for an incremental update.

So this was followed by a draft v1.1 update at the end of 2016, followed by another request for comments on the draft, which led to this workshop to review the results and do further work to get to a finished v1.1.

Wednesday, June 14, 2017

BBC Micro:Bit

A new, interesting board aimed at helping kids get into programming is the BBC micro:bit.

They have set up a Foundation to support this device, and they have a lot of information on their website.

You can purchase them from several sources.  In the US, two sources are Adafruit and Sparkfun.  (See the website for a list of re-sellers worldwide.)  Both sell the board at about $15, though you can get a "kit" that includes a USB cable and a battery pack for a couple more bucks.  Both sell an edge connector for the cards, but Sparkfun has one that allows for the board to be attached to a breadboard HERE.

Monday, June 12, 2017

HackMiamiCon5 Report

The weekend of May 20-21, 2017, HackMiamiCon5 was held in Miami Beach at the Deauville Resort.  I've been to all 5 conferences and have spoken at the last 4.  Yeah, on Sunday I spoke on Cyber Resilience.

Overall, this was a good conference.  Unlike in the past, we actually had 2 tracks both Saturday and Sunday.  In the past, there was only one track on Sunday.

Tuesday, May 23, 2017

New Cybersecurity Executive Order

So by now hopefully most are aware of the recent Executive Order signed by President Trump.  While not numbered, it came out May 11th, which was just before the planned NIST Cybersecurity Framework Workshop.  Full title is "Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure".

So let's take a look at it.

It has 5 sections.  Sections 4 and 5 we can basically overlook.  Sec4 is definitions, while Sec5 is General Provisions.

Monday, May 22, 2017

Recent events

Am a little behind on posting on some very recent events.

Last week I was at the NIST Cybersecurity Workshop.  Lot of interesting things there.  Further, the prior week Trump signed an Executive Order on Cybersecurity that has an impact on things.

This past weekend I was at the HackMiamiCon5, where I also spoke on cyber resilience.  More on that as well.

Hopefully soon I will be speaking at an upcoming HackMiami meeting on various updates (the NIST CSF Workshop, recent EO, and some other regulations that have come out).