Jump to content

Cre8asiteforums Internet Marketing
and Conversion Web Design


Photo

A Call For Cyber Hygiene


  • Please log in to reply
2 replies to this topic

#1 cre8pc

cre8pc

    Dream Catcher Forums Founder

  • Admin - Top Level
  • 14771 posts

Posted 04 January 2017 - 10:23 AM

DigitalGov shared this...thought some of you might mull over it.

 

Rethinking Cybersecurity from the Inside Out

 

After four years of research and development, National Institute of Standards and Technology (NIST) has published a groundbreaking new security guideline that addresses the longstanding problem of how to engineer trustworthy, secure systems — systems that can provide continuity of capabilities, functions, services, and operations during a wide range of disruptions, threats, and other hazards. In fact, I think that Special Publication 800–160, Systems Security Engineering, is the most important publication that I have been associated with in my two decades of service with NIST.

 

 

Our fundamental cybersecurity problem can be summed up in three words — too much complexity. There are simply too many bases — all the software, firmware, and hardware components that we rely on to run our critical infrastructure, business, and industrial systems — for us to cover as it is, and we’re adding to the number of bases all the time.

Increased complexity translates to increased attack surface — providing adversaries a limitless opportunity to exploit vulnerabilities resulting from inherent weaknesses and deficiencies in the components of the underlying systems that we have built and deployed. We can characterize this predicament as the N+1 vulnerabilities problem.

 

 

 



#2 bobbb

bobbb

    Sonic Boom Member

  • Hall Of Fame
  • 3377 posts

Posted 04 January 2017 - 12:13 PM

There are simply too many bases — all the software, firmware, and hardware components that we rely on

 

I bet Bill Gates would agree with this especially the software part. :)

Betya other big players would agree also as long as they would be the provider.

 

It's a bit late for this debate about security.



#3 iamlost

iamlost

    The Wind Master

  • Site Administrators
  • 5469 posts

Posted 07 January 2017 - 08:47 PM

Too bad the government wasn't extending consumer liability regulation to all those 'what's a security' IoT devices so that a few good class action law suites would reign in the idiocy of bolt on after the horse has bolted security crap. The guideline is fine but 20 years late; or rather pretty much an annual regurgitation from some authority or another for the past 2-decades.

 

And while they are about it how about firing the idjits at the US Patent office and reviewing the swamp that is US software patent 'law'. And kill the ridiculous constraints that has been EULAs since Bill was a boy. And... :emo_gavel: :kill_spam: :spambuster:





RSS Feed

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users