With so many scammers prevalent on the web, how can we stay safer online? On the 20th anniversary of Cybersecurity Awareness Month, the Cybersecurity and Infrastructure Security Agency (CISA) has announced a new set of resources and four actionable tips that can help elevate our cybersecurity.
CISA’s newly launched cybersecurity awareness program theme, Secure Our World, promotes “behavioral change across the nation,” underscoring how individuals, families, and small-to-medium-sized businesses can stay more secure by focusing on four critical actions.
CISA’s recommendations for safer cyber lives include:
Last week, CISA also announced that it released new resources for combating ransomware campaigns.
Standards and Guidance Help Enable More Cyber Safe Societies
In addition to CISA’s campaign efforts, there are numerous standards and guidance that support cybersecurity at home, in the workplace, and elsewhere. One such standard is ASTM International standard ASTM F3286-17, Standard Guide for Cybersecurity and Cyberattack Mitigation, which addresses the company or government organizational need to mitigate the likelihood of cyberattacks and reduce the extent of potential cyberattacks, which can leave sensitive personal data, corporate information, and critical infrastructure vulnerable to attackers.
Published by SAE International, SAE J 3061-2021, Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, is a recommended practice that provides guidance on vehicle cybersecurity. It is based on, and expands on, existing practices that are being implemented or reported in industry, government, and conference papers. The best practices are intended to be flexible, pragmatic, and adaptable in their further application to the vehicle industry as well as to other cyber-physical vehicle systems (e.g., commercial and military vehicles, trucks, and buses).
INCITS, the InterNational Committee for Information Technology Standards, has also published a number of standards related to cybersecurity, including the INCITS Cyber Security - Common Criteria Package that provides guidance on evaluation criteria for IT security. It includes the INCITS/ISO/IEC 15408 series as well as the INCITS/ISO/IEC 18045 standard addressing methodologies for IT security evaluations.
Internationally, cyber safety guidance can be found in ISO/IEC 27001:2022, Information Security, Cybersecurity, and Privacy Protection - Information Security Management Systems – Requirements. This document specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization; it also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. It was developed by the International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) Joint Technical Committee (JTC) 1, Subcommittee (SC) 27, Information security, cybersecurity and privacy protection. ANSI holds the secretariat to JTC 1.
To offer organizations a common language and a systematic methodology for managing cybersecurity risk across sectors, the National Institute of Standards and Technology (NIST) has published draft revisions to its Cybersecurity Framework (CSF), and public comments on the draft will be accepted until November 4.
As ANSI previously reported, NIST’s draft Cybersecurity Framework 2.0 was developed after more than a year’s worth of community feedback, reflecting changes in the cybersecurity landscape and making it easier for many different kinds of organizations to put the CSF into practice.
Access more tips and find out more about Cybersecurity Awareness Month on CISA’s website. Cheers to safer cyber lives!