How does a flaw potentially affecting the integrity of printer management application get a “critical” severity rating and one affecting the integrity and operation of anesthesia machines get a “moderate” severity rating? It has to do with our evolving and still immature system of rating (and therefore thinking about) cyber risk.
NIST cybersecurity framework
FBI: Cybercrime Accounted for $2.7B in Losses in 2018
Organizations lost $2.7 billion to Internet-enabled theft, fraud and exploitation in 2018, with business e-mail compromise scams resulting in the highest of these financial losses, according to the FBI’s Internet Crime Complaint Center (IC3).
Interview: securing the University using NIST’s Cyber Framework
College and university campuses are notoriously difficult to tame. In this one-on-one interview, I speak with Plamen Martinov, the Chief Information Security Officer for the Biological Sciences Division at the University of Chicago about how his organization has used NIST’s Cybersecurity Framework to create a security lingua franca at UChicago and improve the organization’s security posture.