Every Click Counts: Are You Doing Your Part to Be Cyber Smart?

Access Safety Tools and Standards during Cybersecurity Awareness Month!

Cybercrime can put a halt to business operations, corrupt personal information, and threaten national security. This October, the Cybersecurity and Infrastructure Security Agency (CISA) has launched the 18^th annual Cybersecurity Awareness Month, to educate Americans on how to be more cyber savvy, and to help ensure safer online experiences for everyone with new resources.

Resources to Tackle Cyber Criminal Activity

As part of its ongoing effort to decrease cybersecurity risks, CISA has published a number of resources and tools valuable during Cybersecurity Awareness Month and throughout the year, including:

• Telework Resources – Telework Guidance and Best Practices, to assist organizations and teleworkers in being secure when working remotely.
• Cybersecurity Hub – Assessments, Prevention, and Response Resources, to evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other key elements of a robust cybersecurity framework.
• Mis, Dis, Malinformation (MDM) – Misinformation, Disinformation, and Malinformation Resources, to help people understand the scope and scale of MDM activities targeting elections and critical infrastructure, and enabling them to take actions to mitigate risks associated with MDM.
• National Risk Management – Mitigating Cyber Risks to The Nation’s Critical Infrastructure, to help identify threats and vulnerabilities to these assets, systems, and networks that provide functions necessary for our way of life.

Standards Support Cyber Safety Too

Standards also help tackle cyber threats before they can disrupt business. The American National Standard (ANS) developed by ASTM International Subcommittee: F25.05, Computer Applications – ANSI/ASTM F3286-2018, Guide For Cybersecurity and Cyberattack Mitigation – addresses the company or government organizational need to mitigate the likelihood of cyberattacks and reduce the extent of potential cyberattacks, which can leave sensitive personal data, corporate information, and critical infrastructure vulnerable to attackers. The recommendations are meant to serve as a guideline for corporate and government organizations to adopt for the protection of sensitive personal information and corporate data against hackers.

Did you know that connectivity and data sharing through devices can also compromise personal and business information? Another ANS devleoped by UL, UL 2900-1 Ed. 1-2017, Standard For Software Cybersecurity For Network-Connectable Products, Part 1: General Requirements, applies to network-connectable products that shall be evaluated and tested for vulnerabilities, software weaknesses, and malware.

Additional ANS can be found in the INCITS Cyber Security - Common Criteria Package, which provides guidance on evaluation criteria for IT security. It includes the INCITS/ISO/IEC 15408 series as well as the INCITS/ISO/IEC 18045 standard addressing methodologies for IT security evaluations, by INCITS (the InterNational Committee for Information Technology Standards).

Many standards developing organizations are active in this space, drafting standards to deal with various aspects of cybersecurity. These standards are just a sampling of the various standards that protect our cyber safety. Access more, including information on the standard developed by ISO/IEC Joint Technical Committee (JTC) 1, Information technology, Subcommittee SC 27, IT Security techniques via ANSI, and related news:

With Costly and Dangerous Ransomware Attacks on the Rise, U.S. Prioritizes Safety

Standards Support Business Resilience: NIST Releases Cyber Supply Chain Risk Management Strategies