It’s “Critical Infrastructure Security and Resilience Month” – check out new resources from the U.S. government to better protect these essential organizations. Plus, the U.K.’s cyber agency is offering fresh guidance for mitigating the quantum computing threat. In addition, do you need a generative AI policy in your company? An ISACA guide could be helpful. And much more!
Dive into six things that are top of mind for the week ending November 10.
If critical infrastructure security is in your wheelhouse, November is a special month for you. Why? Again this year, the White House has declared November to be “Critical Infrastructure Security and Resilience Month.”
Although critical infrastructure protection encompasses various threats, such as natural disasters, it’s no surprise that a significant portion of the proclamation is devoted to preventing cybersecurity attacks.
“We know that to protect our critical infrastructure we must improve our cybersecurity,” the document reads.
As part of the effort, the Cybersecurity and Infrastructure Security Agency (CISA) called on all involved with critical infrastructure security to “resolve to be resilient.”
CISA also published a “Critical Infrastructure Security and Resilience Month Toolkit” that includes recommendations for private sector organizations, risk management agencies, state and local governments, and members of Congress.
The toolkit also contains links to many resources; communication templates for promoting “Critical Infrastructure Security and Resilience Month”; and an FAQ about protecting critical infrastructure.
To get more details, check out:
CISA's Dr. David Mussington kicks off Critical Infrastructure Security Month
And as part of “Critical Infrastructure Security and Resilience Month,” CISA, the Department of Homeland Security and the Federal Emergency Management Agency (FEMA) have launched the “Shields Ready” campaign. It urges critical infrastructure organizations to beef up their resilience so they’re better prepared for cyberattacks and other threats.
Recommendations for critical infrastructure operators from the “Shields Ready” campaign include:
The “Shields Ready” campaign complements other existing critical infrastructure security campaigns from CISA and FEMA.
To get more details about “Shields Ready,” check out:
Is the threat from future quantum computers on your radar screen yet? By all accounts, it should be. The latest warning comes from the U.K. National Cyber Security Centre (NCSC).
Although “quantum resistant” algorithms are in the works, cybercriminals are swiping confidential data now to decrypt it later with quantum computers, which are expected to be available by around 2030.
In its new guidance, the NCSC offers best practices for mitigating the risk these powerful computers will pose to data encrypted with today’s public-key cryptographic (PKC) algorithms. The NCSC advice focuses on helping organizations adopt “post-quantum cryptography” (PQC).
Also known as “quantum resistant” cryptography, these algorithms will be able to protect data from attacks that use quantum computers, but migrating to this new technology won’t be a simple process.
“These algorithms will not necessarily be drop-in replacements for the current PKC algorithms in protocols or systems, so system owners should begin planning for the migration to PQC,” reads the new NCSC white paper titled “Next steps in preparing for post-quantum cryptography.”
In short, while these new algorithms aren’t yet ready for prime time, organizations should start laying the groundwork for their adoption now.
To get all the details of the NCSC’s guidance, check out:
For more information about the quantum threat:
VIDEOS
Post-Quantum Cryptography: the Good, the Bad, and the Powerful (NIST)
What is Quantum Cryptography? An Introduction (TechTarget)
NIST Post Quantum Cryptography Update (Accredited Standards Committee X9)
During our recent webinar “Tenable & Ermetic: What’s Next and Needed for Truly Effective Enterprise Cloud Security,” we polled participants on various cloud security topics. Here’s what they said when we asked them what their biggest cloud security challenges are, who’s in charge of cloud security at their organization and more.
(154 respondents polled by Tenable in October 2023)
(162 respondents polled by Tenable in October 2023)
(170 respondents polled by Tenable in October 2023)
Want to find out what was discussed at the “Tenable & Ermetic: What’s Next and Needed for Truly Effective Enterprise Cloud Security” webinar? Watch it on demand!
As a technology that’s seeing rapid evolution and robust adoption, generative AI represents a challenge for those tasked with drafting policies for its use.
If you work in cyber, compliance or risk management, chances are you’re involved in creating guardrails for your organization’s secure, compliant and legal use of generative AI.
If so, you might find relevant insights and recommendations in the new guide from ISACA titled “Considerations for Implementing a Generative Artificial Intelligence Policy.”
Here’s a small sampling of key considerations ISACA recommends taking into account:
Along with the guide, ISACA conducted a poll that found that most organizations are using generative AI without having drafted an acceptable usage policy.
The study, based on a poll of 2,300 pros who work in audit, risk, security, data privacy and IT governance, found that:
To get more details, check out:
The Center for Internet Security has announced the updates it made to its CIS Benchmarks in October, including new secure configuration recommendations for Microsoft 365 and for several versions of macOS and Windows Server.
Here’s the full list of updated CIS Benchmarks for October:
To get more details, read the CIS blog “CIS Benchmarks November 2023 Update.” For more information about the CIS Benchmarks list, check out its home page, as well as:
CIS Benchmarks (CIS)
Juan has been writing about IT since the mid-1990s, first as a reporter and editor, and now as a content marketer. He spent the bulk of his journalism career at International Data Group’s IDG News Service, a tech news wire service where he held various positions over the years, including Senior Editor and News Editor. His content marketing journey began at Qualys, with stops at Moogsoft and JFrog. As a content marketer, he's helped plan, write and edit the whole gamut of content assets, including blog posts, case studies, e-books, product briefs and white papers, while supporting a wide variety of teams, including product marketing, demand generation, corporate communications, and events.