NIST SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations

The National Institute of Standards and Technology (NIST) has released its Security Publication (SP) 800-37 Rev. 2: “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.”

Germany Publishes New Broadband Router Security Guidelines

The German government's Federal Office for Information Security published technical security guidelines for broadband routers commonly used in Small Office and Home Office (SOHO) environments. The new guideline provides recommendations to manufacturers on designing and implementing routing products with “adequate state-of-the-art security features.”

“Operation Main Street” aims to stop small business scams

The Federal Trade Commission (FTC) announced Operation Main Street: Stopping Small Business Scams, a coordinated joint effort with the Better Business Bureau (BBB), law enforcement and state/federal partners, to help stop scams that target small businesses.

PCI DSS 3.2.1 release

The PCI Security Standards Council (PCI SSC) has published a minor revision to the PCI Data Security Standard (PCI DSS), which many businesses use to safeguard payment card data. The latest version, 3.2.1, replaces the previous version 3.2, mainly to account for migrations to newer and more secure versions of Secure Socket Layer (SSL) and early Transport Layer Security (TLS), given that previous migration deadlines have passed.
