- US-CERT Updates Cybersecurity Incident Notification Guidelines (Health IT Security): The US Computer Emergency Readiness Team has announced new guidelines that will go into effect on April 1, 2017. The guidelines apply to all government entities at the federal, state and local levels, the article said. The court defined an incident as something that “actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system,” or one that “constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.” The guidelines set a 7 day reporting requirement, and provided 7 steps for agencies to follow. The full guidelines are attached. The text of the article can be found here.
- NIST Focuses on Cybersecurity of Connected Devices (EDM Digest): The National Institute of Standards and Technology (NIST) recently addressed the security of connected devices. An article discussing the report said that engineering solutions to the problem are “essential.” The report stressed the increasing frequency and severity of attacks on connected devices, and the article suggested that 2017 will be even worse. The article set forth the NIST report’s four main categories, including the following: Agreement process; Organizational project-enabling process; Technical management process; and Technical Process. DHS also recently released an IoT strategy. Both reports are attached. The full article can be found here.
Leave a Reply