Enterprise Security Risk Management

RSS

The Office of the Comptroller of the Currency (OCC) reported the key issues facing the federal banking system and the effects of the COVID-19 pandemic on the federal banking industry in its Semiannual Risk Perspective for Fall 2020.

The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force released an analysis report on the impact of COVID-19 on global supply chains.  Building A More Resilient ICT Supply Chain: Lessons Learned During The COVID-19 Pandemic examines how ICT supply chains have been logistically impacted by the pandemic and provides practical recommendations to increase supply chain resiliency from future risks.

NOAA’s Satellite and Information Service (NESDIS) has signed an agreement with Google to explore the benefits of Artificial Intelligence (AI) and Machine Learning (ML) for enhancing NOAA’s use of satellite and environmental data.

The National Association of Regulatory Utility Commissioners Center for Partnerships & Innovation announced the release of the Cybersecurity Tabletop Exercise Guide and Public Utility Commission Participation in GridEx V: A Case Study. These new publications highlight the need for public utility commissions and utilities to coordinate on cybersecurity preparedness efforts.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released two joint cybersecurity advisories on widespread advanced persistent threat (APT) activity. Joint Cybersecurity Advisory: AA20-296A Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets Joint Cybersecurity Advisory: AA20-296B Iranian State-Sponsored Advanced Persistent Threat Actors Threaten Election-Related Systems

Digital Shadows released its quarterly research report focusing on the latest trends in ransomware. Unfortunately, for vulnerable organizations everywhere, Digital Shadows Photon Research team found that ransomware as a market and community on the dark web has expanded since Q2.

The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.

The National Security Agency (NSA) announced the release of SkillTree, an internally-developed open source solution for gamifying user training. SkillTree provides a systematic and interactive way to promote user proficiency of an existing application. The service is based on industry best practices using gamification to provide awareness of tool features, promote best practices, and document user progression and expertise. By reducing an application’s training curve, SkillTree reduces traditional comprehensive training costs while providing a more enjoyable experience for the user.

In a new survey, federal executives identified a number of challenges associated with remote work; safely returning to the workplace; and guarding against fraud, waste, and abuse.