NIST 800-37 Revision 2 – RMF for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

Download the presentation in this Video & Learn more here:

This is an overview of NIST 800-37 Revision 2. I discuss the changes, the sources and Cybersecurity Framework.

NIST Special Publication 800-37, Revision 2
Risk Management Framework for Security and Privacy
Initial Public Draft: May 2018
Final Public Draft: July 2018
Final Publication: October 2018

NIST 800-37 Rev 2:

Executive Order:

Cybersecurity Framework:

NIST SP 800-53 (Revision 5):

Source of Changes:
President’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Office of Management and Budget Memorandum M-17-25 – next-generation Risk Management Framework (RMF) for systems and organizations
NIST SP 800-53 Revision 5 Coordination

gmail security


Gmail is one of my favorite email products. It's free, it's extremely good at collecting and organizing data (in line with Google's vision of world information organization domination) and it's so intuitive.

The Gmail security features are kind of tucked away to bring the organization and search functions to the foreground. But once you know where they are, it's easy.

1. First, browse into your email and sign in.

2. Inside your email under your name, click Privacy.

3. Under Account Privacy, hit Security and add an alternate recovery email and mobile number. This will allow Gmail security to alert you of any suspicious activity, such as someone attempting to access your account.


Dangers of Surfing the Web with an Admin Account

If you bought a Dell or Gateway, more than likely you only have one account on your computer with no password. That account runs as the administrator. If your system has no user name or password applied, it is running as an administrator account.

This is how so many people get viruses. When you surf the web as an administrator, it allows malicious applications (viruses, worms, Trojans and other malware) to download to your computer and run as the administrator. This means they can replace system files with viruses, create back doors and harm other computers on your network. They can also spy on you, manipulate your browser or do anything else they want to do.

One way to greatly minimize the effects of viruses is to create separate accounts on your system and only use the administrator account when it's necessary. Create a limited user account that you use when surfing the web, getting into your email or doing other small tasks that don't require downloading or installing applications.

With a limited account, even if the malware is downloaded, it will not be able to install.
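As an added example (not from the original post), here is a PowerShell script for a modern Windows machine that audits the situation the post describes, an enabled account that is both a local administrator and has no password, reports whether the current session holds administrator rights, and creates a standard user for everyday browsing. The account name "WebUser" and the built-in LocalAccounts cmdlets (Windows 10/11, Server 2016+) are assumptions.

```powershell
# Added example, not part of the original post.
# Assumes Windows 10/11 with the built-in Microsoft.PowerShell.LocalAccounts module.
# Assumed name for the new limited account: "WebUser".

function Get-RiskyLocalAccounts {
    # Collect bare user names of local Administrators group members ("PC\name" -> "name").
    $admins = Get-LocalGroupMember -Group 'Administrators' |
        Where-Object ObjectClass -eq 'User' |
        ForEach-Object { ($_.Name -split '\\')[-1] }

    # One row per enabled local account; Risky flags the post's worst case:
    # an enabled administrator with no password required.
    Get-LocalUser | Where-Object Enabled | ForEach-Object {
        $isAdmin = $admins -contains $_.Name
        [pscustomobject]@{
            Name       = $_.Name
            IsAdmin    = $isAdmin
            NoPassword = -not $_.PasswordRequired
            Risky      = $isAdmin -and (-not $_.PasswordRequired)
        }
    }
}

function Test-RunningAsAdmin {
    # True when the current process token is in the Administrators role
    # (with UAC enabled, a non-elevated admin session returns False).
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function New-LimitedWebUser {
    param([string]$Name = 'WebUser')   # assumed account name
    if (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue) { return }
    $pw = Read-Host -AsSecureString "Password for $Name"
    # New-LocalUser puts the account in no group; adding it to Users makes it
    # a standard (non-administrator) account, which is the point of the post.
    New-LocalUser -Name $Name -Password $pw -Description 'Standard account for web and email' | Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $Name
}

# Run once from an elevated prompt, then sign in as WebUser for daily work.
Get-RiskyLocalAccounts | Format-Table -AutoSize
if (Test-RunningAsAdmin) { Write-Warning 'This session is running with administrator rights.' }
New-LimitedWebUser
```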

Why is Internet Safety Important

Dangers on the Internet
The amazing freedom and availability of the Internet lends itself to a few major dangers: Pr0n, malware and how to perform illegal and/or dangerous activities.

Whether it is a curious person seeking these things out or a child accidentally clicking the wrong link and getting bombarded with explicit pop-ups, the items listed can be harmful to an impressionable mind. Policies must be enforced.

There are a few groups that should have limited exposure to certain types of information on the Internet. Children, mentally handicapped or psychologically damaged people in settings such as schools, homes, rehabilitation or correctional facilities and group homes should be blocked, tracked and monitored while accessing the Internet. Certain information could destroy them if they don't yet have the capacity to understand it or put it in the proper context.

Protection from Pornography & Malware

In a professional setting there should be a written policy against accessing and/or downloading unacceptable material such as pornography. These items should be actively blocked, whether in a working environment or at home where minors access the same system. Allowing impressionable or fragile minds unlimited access to certain graphic material is irresponsible. The law is also a good reason why Internet safety is important. If you are the owner of, or charged with immediate control of, a system being used for illegal activity, you could be partially or wholly liable for that activity. An example is substitute teacher Julie Amero:

On October 19, 2004, Julie Amero was substituting for a seventh-grade language class at Kelly Middle School in Norwich, Connecticut. The teacher’s computer was accessed by pupils while the regular teacher, Matthew Napp, was out of the room. When Julie took charge, the computer started showing pornographic images.

On January 5, 2007, Amero was convicted in Norwich Superior Court on four counts of risk of injury to a minor, or impairing the morals of a child. Her sentencing was delayed four times after her conviction, with both the prosecution and judge not satisfied that all aspects of the case had been assessed.[1] The felony charges for which she was originally convicted carry a maximum prison sentence of 40 years.

– wikipedia

The Kelly Middle School systems were actually infected with malware that allowed the explicit pictures to pop up.

Access to Dangerous information

From the Columbine shooters to the Virginia Tech massacre, most of the killers had a recorded history of mental illness and/or psychological instability. In many cases, they used public computers and/or home computers belonging to their parents to research bomb making or even purchase guns.

Controlling access is the best way to get on the Internet safely. Maintaining the privacy of users is another important step in Internet safety; however, that is a matter of educating users, particularly if they frequent social networks such as Facebook or MySpace. They need to be instructed about the dangers of stalkers, perverts and predators looking specifically for impressionable minds.

We are the keepers of these impressionable and fragile minds. That is the reason Internet safety is important and why we must be mindful of these subjects.

Prevent Computer Viruses

In the last three years or so I haven't had a single computer virus on my main system unless I put it there on purpose. I use a very simple method to prevent computer viruses and malware from ever getting on my system.

check it out here:


Spy on Co-workers, Spouse and Kids

A message to a reader.

A personal note about monitoring: I spied on my wife and I'll just say that there are some things you may not want to know. Now, I know that a spouse and a child are totally different issues; I would just like you to realize the power of these tools. You must also take great care in making absolutely CERTAIN they don't find out you are spying, because trust is sometimes impossible to get back. It can be like throwing gas on a candle flame. There are also tools that can counter the spying tools.

With all that being said: I've got two beautiful little girls and when they are old enough I will DEFINITELY spy on them. It's not so much my lack of trust in them as it is my knowledge of predators on the Net.

Terms for you to know:

keylogger – software or device that monitors every keystroke. Used by parents, spouses, bosses and for covert, subversive spying. Typically only for a local machine (you install it on a system, then have to get on that machine to get the data off of it when they are gone).

network keylogger – keylogger for every computer on a network managed from a primary computer. These are more expensive but can give real-time spying.

Stealth mode – keyloggers/spy software usually has a key stroke like Ctrl+Alt+6 that will allow you to make the application run completely undetected.


These tools range from 30-day free demos to $300 for some of the better tools. I won't spend less than $29 if you are not computer savvy. There are $10 ones that are created by independent hackers, but you have to know computers well to use them.

Review of spy tools
(Look through this list. Look for fairly priced software that looks easy to use and has the ability to send information to you via network, email or share drive. If you can get the spy data when they go to school or work, then you don't need it emailed or networked.)
Don't worry about technical stuff; they will usually tell you exactly how to use it unless you get some 10-dollar product made for hackers.

18 Days of Reckless Computing

Someone over at Wired tests his new Dell to see how many viruses and how much malware it takes to get the Geek Squad to call it a total loss.

10 Security Suite Reviews : Who's Got Your Back

All-in-One Security

Suites of antivirus, antispyware, and firewall software can provide convenient, solid protection against today's worst threats. Our tests of ten contenders show who's got your back.


Computer Viruses Monitored via Dynamic Worldmap

You'll be able to view Previous Hour, Previous Day, Previous Month, This Year, and Previous Year. Color coding has 6 ranges (No Data, Quiet, Low, Medium, High, and Epidemic).

She Cracked my Hotmail Password: a sad shoulder surfing story

Ever type in your password at work and notice that there is someone standing behind you watching your fingers very closely as if trying to decipher your password? This is known as "shoulder surfing."

If you don't think it is possible to eyeball someone's keystrokes and know their password, think again.

In the '90s, I didn't know much about computers or computer security. I was a military cop well versed in physical security and air base ground defense and only used computers for screwing around. My passwords were as easy as possible so I could remember them.

I didn't fully appreciate the importance of having a strong password until my wife hacked my Hotmail account. No big deal, right… WRONG. Like I said, I was screwing around. I was big into flirting in chat rooms and on email. I was just having fun with what I thought were beautiful young ladies, but who (realistically) were probably neither beautiful nor young nor (shedding a tear) ladies.

I'd been spending so much time online with chatrooms and EverQuest (a.k.a EverCrack) that my wife started to get very jealous of the computer and suspected I was up to something. So she shoulder surfed me one night, got my password, and got into my account while I was at work.

To make a long story even longer, my wife went crazy. She called my job screaming, I had to respond to my own house, my weapon was taken away (this is like being neutered for a cop), and the beautiful young lady that I was chatting with…. It was a man (yeah, it was like a cyber Crying Game). Needless to say, I don't do much of ANY chatting these days. But I digress.

Tips to guard your Hotmail account against cracks by shoulder surfers: