NIST Special Publication 800-53, Revision 5
Security and Privacy Controls
Final Public Draft: October 2018
Final Publication: December 2018
Source: https://csrc.nist.gov/projects/risk-m…
NIST Special Publication 800-53A, Revision 5
Assessment Procedures for Security and Privacy Controls
Initial Public Draft: March 2019
Final Public Draft: June 2019
Final Publication: September 2019
There are 6 major objectives for this update:
- Making the security and privacy controls more outcome-based by changing the structure of the controls;
- Fully integrating the privacy controls into the security control catalog, creating a consolidated and unified set of controls for information systems and organizations;
- Separating the control selection process from the actual controls: systems engineers, software developers, enterprise architects, and mission/business owners;
- Promoting integration with different risk management and cybersecurity approaches and lexicons, including the Cybersecurity Framework;
- Clarifying the relationship between security and privacy to improve the selection of controls necessary to address the full scope of security and privacy risks.
Video: https://www.youtube.com/watch?v=hWWILCZbDho
Course site: https://securitycompliance.thinkific.com
I am thinking of doing a course on how to make 6 figures in IT Security. What do you think? Is this something you would be interested in? This is something I know a lot about. I would explain:
The landscape of IT Security
Career paths in IT Security
How to choose the right path
How to prepare for that path
What kinds of IT security jobs make 6 figures
What places and companies pay 6 figures
What certifications, degrees and experience you need to start
How to build a bad ass IT security resume
Where to post it
How to respond once offers start coming in
I get people contacting me every week about jobs all around the US! Today, I am going to show you a couple that I received recently. I hope that it will give you some idea of what employers and contracts look for in security compliance professionals.
What is the Payment Card Industry (PCI) Data Security Standard (DSS)?
I got the chance to talk to a Payment Card Industry (PCI) professional. James is in the PCI IT industry and talks about it from inside the field. It is a great opportunity to learn about this growing career path. We talked about how the PCI security standard compares to the Risk Management Framework. Here are some of the resources we talked about:
https://www.pcisecuritystandards.org/…
https://www.pcicomplianceguide.org/
Enroll to learn MORE on security compliance: https://securitycompliance.thinkific.com
This is an overview of NIST 800-37 Revision 2. I discuss the changes, the sources and the Cybersecurity Framework.
NIST Special Publication 800-37, Revision 2
Risk Management Framework for Security and Privacy
Initial Public Draft: May 2018
Final Public Draft: July 2018
Final Publication: October 2018
Source of Changes:
President’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Office of Management and Budget Memorandum M-17-25 – next-generation Risk Management Framework (RMF) for systems and organizations
NIST SP 800-53 Revision 5 Coordination
The Nigerian Prince email scam went a little something like this:
You send his highness just a few hundred dollars in exchange for millions. You could trust him because he was a rich prince, but he had been displaced temporarily.
Well, it is basically the same scam but instead of dollars, they want Bitcoin.
With these scams, you send the money and they disappear. People are still hearing about these scams for the first time, so they are still losing millions over this.
I talk about why I bought more cryptocurrency during the 1/16/2018 dip. I talk about how I use the Trezor and Ledger for a lot of my crypto. Some troll hops on and starts telling everyone Bitcoin is a scam.