According to NIST in its recently published paper on forensic science challenges and the cloud, “Cloud computing has revolutionized the methods by which digital data is stored, processed, and transmitted.” The paper goes on to highlight that, “One of the most daunting new challenges is how to perform digital forensics in various types of cloud computing environments. The challenges associated with conducting forensics in different cloud deployment models, which may cross geographic or legal boundaries, have become an issue.” The complete paper, NIST Cloud Computing Forensic Science Challenges, published in August of 2020, aggregates, categorizes, and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem.
A New Model for Cybersecurity? NIST Details Framework for Zero Trust Architecture
As highlighted in NIST Special Publication 800-207, no enterprise can eliminate cybersecurity risk. However, when complemented with existing cybersecurity policies and guidance, identity and access management, continuous monitoring, and general cyber hygiene, a properly implemented and maintained Zero Trust Architecture (ZTA) can reduce overall risk and protect against common threats.
A Window into Malware? The New Malware Reverse Engineering Handbook from CCDCOE
According to Wikipedia, malware analysis is the study or process of determining the functionality, origin, and potential impact of a given malware sample. In this new handbook from the NATO Cooperative Cyber Defence Centre of Excellence, the authors share concise insight and general techniques for analyzing the most common malware types for the Windows OS.
Cloudy Considerations? ESMA Draft Guidelines on Outsourcing to Cloud Service Providers
According to the European Securities and Market Authority (ESMA) Chair, Steven Maijoor, cloud outsourcing can bring benefits to firms and their customers, for example, reduced costs and enhanced operational efficiency and flexibility. Cloud outsourcing also raises important challenges and risks that need to be properly addressed, particularly in relation to data protection and information security. Financial markets participants should be careful that they do not become overly reliant on their cloud services providers. They also need to closely monitor the performance and the security measures of their cloud service provider and make sure that they are able to exit cloud outsourcing arrangements as and when necessary.
A Matter of Opinion? An EDPS View on the European Data Strategy
According to the European Data Protection Supervisor (EDPS) in his recent opinion on the European Data Strategy, the predominant business model of the digital economy is characterized by an unprecedented concentration of data in the hands of a handful of powerful players, based outside the EU, and wide-scale pervasive tracking. The EDPS goes on to share that he strongly believes that one of the most important objectives of the European Data Strategy should be to prove the viability and sustainability of an alternative data economy model – open, fair, and democratic.
From Critical Infrastructure to Calamity Avoidance: Two Important Cyberspace Solarium Commission Reports on Cybersecurity
According to the recently published Cyberspace Solarium Commission report “Cybersecurity Lessons from the Pandemic,” the COVID-19 pandemic illustrates the challenge of ensuring resilience and continuity in a connected world. Many of the effects of this new breed of crisis can be significantly ameliorated through advance preparations that yield resilience, coherence, and focus as it spreads rapidly through the entire system, stressing everything from emergency services and supply chains to basic human needs and mental health. The pandemic produces cascading effects and high levels of uncertainty. It has undermined normal policymaking processes and, in the absence of the requisite preparedness, has forced decision-makers to craft hasty and ad hoc emergency responses.
A Cybersecurity Self Check? Medical Facilities Best Practice Test Criteria for Article 32 GDPR
According to the publishers, this paper is an aid to quickly checking your own security with regard to the availability of your own data processing within the meaning of Article 32 GDPR. The scope includes both the non-public as well as the public area. The work was created in a collaboration between the Bavarian State Office for Data Protection Supervision (BayLDA) and the Bavarian State Commissioner for Data Protection (BayLfD).
Classifications, Concerns, and Concepts: Reference Architectures and the Industrial Internet of Things
The expected disruptive developments collectively referred to as the Internet of Things (IoT) have drawn significant attention in many industries, disciplines, and organizations. While the concrete benefits and requirements are still not sufficiently clear, the general agreement on its relevance and impact is undeniable. As a result, a large number of initiatives and consortia from industry and research have been formed to all set the de facto standards and best practices. This work contributes to the state of the art by providing a structured analysis of existing reference frameworks, their classifications, and the concerns they target.
Considering Cybersecurity? National Cyber Security in Practice: A New Handbook
“There are several international standards and guidelines for developing the cybersecurity of a single organization, but it is difficult to find comprehensive tools for national governments. This handbook – National Cyber Security in Practice – is designed to fill that gap. The articles, written by seasoned experts, will give the reader an overview of the key elements that underpin the cybersecurity architecture of any country,” highlighted Arvo Ott, Chairman of the Management Board of e-Governance Academy.
A Relevant Ransomware Scenario: The Targeting of Municipal Governments and Healthcare Providers
One of the cyber scenarios highlighted in the Cyber Law Toolkit describes the potential use of ransomware against municipal governments and healthcare providers. Given the pandemic and recession constraints in today’s world, this scenario and its potential implications are more relevant than ever and worthy of consideration by legal, business, and information technology professionals.