For the first time since 2014, the world’s leading cybersecurity guidance is getting a complete makeover. The NIST Cybersecurity Framework (CSF) 2.0 released its initial public draft in August 2023 and is approaching its final stages before implementation in early 2024.
CSF 2.0, in alignment with the National Cybersecurity Strategy set by the Biden Administration, will expand the use of the CSF, emphasize supply chain risk management, increase implementation guidance, clarify cybersecurity measurement and assessment, and even add an entirely new function.
Changes in NSF 2.0 are evident in both its title and scope. Its original title, "Framework for Improving Critical Infrastructure Cybersecurity," has been changed to the commonly used name, "Cybersecurity Framework." Its scope has modified from its original emphasis on U.S. critical infrastructure to a focus on all organizations around the world.
The original five framework core functions — identify, protect, detect, respond, and recover — will also gain a new function in the CSF 2.0 updates. Govern (moved to its own subcategory from the identify function) will be added as a sixth function to establish and monitor organizational cybersecurity risk management strategy, expectations, and policy. Govern is cross-cutting and informs how organizations will achieve and prioritize the outcomes of the other five functions in the context of its mission and stakeholder expectations.
NIST is accepting public comment on the draft framework until Nov. 4, 2023, and does not plan to release another draft.
Find out more about what to expect from NIST CSF 2.0 here.
We have something special for you this week — a hand-picked collection of the top cybersecurity news from across the web.
Thanks for being a part of our community!
Want to stay connected with CyberProtex? Follow our socials!
Will Artificial Intelligence (AI) play the role of a double agent in the future of cybersecurity?
According to a recent Microsoft Security blog post, this seems to be the case as cyber attacks are becoming more automated through AI-assisted tools. They are also increasing exponentially, and "the number of password attacks Microsoft detects has more than tripled in the last 12 months, from 1,287 per second to more than 4,000 per second."
The new wave of cyber attacks, also known as offensive AI, can enable cybercriminals to direct targeted attacks at daunting speeds and scale while flying under the radar of traditional detection tools. As offensive AI quickly redefines the cyber threat landscape, it's crucial that organizations adopt new defenses to fight back.
How can we defend ourselves against offensive AI? AI might also be the answer to that question.
There is now a unique opportunity to harness the power of AI in combination with an end-to-end security solution to build a resilient security posture with defenses that adapt just as fast as the "bad guys."
Cyberprotex, a proud Microsoft Gold Partner, can prepare you for the era of AI.
Why does cybersecurity matter in business?
With the increasing reliance on technology and the internet, cyber threats are becoming more sophisticated and frequent, posing a significant risk to businesses of all sizes. Take it from a recent data breach of a popular platform that exposed the data on three-quarters of a million users.
On August 14th, Discord.io, a custom invite service for the instant messaging service Discord, experienced a temporary shutdown following a data breach that exposed the information of 760,000 of its members. Leaked user data included sensitive user information such as usernames, Discord IDs, email addresses, billing addresses, and salted and hashed passwords. On its website, Discord.io claims they "believe that the breach was caused by a vulnerability in our website's code, which allowed an attacker to gain access to our database. The attacker then proceeded to download the entire database, and put it up for sale on a 3rd party site."
Hiring full-time cyber security professionals is an effective way for companies to protect themselves against cyber attacks and preserve the security of the business. You can't be there 24 hours a day, but we can. Choose CyberProtex as your Managed Security Provider to protect your business against cyber threats and information loss. View our available services at cyberprotex.com.
Are you ready to take your cybersecurity career to new heights? The CISSP certification can open doors to exciting opportunities, but the road to success requires diligent preparation. At CyberProtex we're here to offer insider tips that will set you up for success.
1. Comprehensive Curriculum Tailored for Success
Our CISSP Bootcamp is designed to cover every aspect of the (ISC)² CISSP CBOK domains. Our experienced instructors have curated a curriculum that not only aligns with the exam objectives but also imparts practical knowledge you can apply directly in the field. With CyberProtex's bootcamp, you'll dive deep into each domain, gaining a well-rounded understanding that goes beyond the exam.
2. Expert Instructors
We understand that navigating the CISSP exam can be a daunting task. That's why our instructors are not just experts in the field but also empathetic educators who have been in your shoes. They provide clear explanations, real-world examples, and insightful guidance that will help you grasp even the most complex concepts.
3. Interactive Learning Environment
Learning is most effective when it's engaging. Our bootcamp sessions are designed to be interactive, encouraging participants to ask questions, share insights, and collaborate with fellow cybersecurity enthusiasts. This dynamic approach ensures that you not only absorb the material but also retain it for the long run.
4. Realistic Practice and Exam Simulations
One of the keys to acing the CISSP exam is practice. Our 5 day bootcamp doesn't just focus on theoretical knowledge – we provide hands-on exercises and practical scenarios that mimic real-world challenges. Additionally, our exam simulations will help you become familiar with the exam format, time constraints, and question types, giving you the confidence to tackle the actual exam.
5. Inclusion of Exam Voucher
We're invested in your success, and that's why we're delighted to offer an Exam Voucher as part of our bootcamp. This invaluable resource not only eases the financial burden of the exam but also motivates you to commit fully to your preparation.
6. Flexible Learning Options
Whether you prefer to learn in a traditional classroom setting or from the comfort of your home, CyberProtex has you covered. Attend our bootcamp in person in Huntsville, AL, or join our live online sessions via WebEx. Whichever option you choose, the quality of instruction remains exceptional.
With just 5 days of intensive training, you'll be equipped with the knowledge, skills, and confidence you need to ace the CISSP exam. At CyberProtex, we're not just preparing you for an exam; we're preparing you for a successful career in cybersecurity.
Ready to embark on this transformative journey? Register now for CyberProtex's CISSP Bootcamp. Have questions? Email or call us!
Benjamin McGee | CEO, CyberProtex
One of the most recognized certifications in the cybersecurity field is the Certified Information Systems Security Professional (CISSP). In this blog post, we will explore 5 compelling reasons why obtaining your CISSP certification can benefit you and elevate your cybersecurity career.
All in all, the CISSP certification is a transformational step towards a fulfilling and rewarding cybersecurity career. As an ethical professional in this rapidly evolving industry, CISSP ensures you remain in high demand and secure a bright future.
We offer an online and in person CISSP exam prep bootcamp here at CyberProtex. If this interests, click the button below to learn more!