Preventing an Inside Job: Detection, Technology and People

Tuesday, June 12, 2018

Cybersecurity technology advances and NIST best practices along with automation and system controls go a long way to minimize errors, but it doesn't completely eliminate the potential for error by human actors. So how can you reduce the opportunity for and damage of a threat to your organization?

Join Harry Perper, Chief Engineer, NIST National Cybersecurity Center of Excellence, and Neha Gupta, CEO of True Office Learning as they discuss best practices for:

  • Optimizing technology and automation to identify and protect against insider threats;
  • Measuring the effectiveness or readiness of people processes;
  • Layering technology and people to minimize risk.

OT Cybersecurity - Securing Your Industrial Operations for Reliability and Uptime

Wednesday, March 28, 2018

In an increasingly interconnected world, it is critical for manufacturers to strengthen their defenses against cyber threats. This is particularly challenging in OT environments due to the variety of protocols, languages and devices involved. To avoid downtime, plant operators need to make sure that their systems aren't changing unexpectedly.

Join Robert Landavazo of Tripwire (NCEP partner) and James McCarthy of the National Institute of Standards and Technology (NIST) and National Cybersecurity Center of Excellence (NCCoE) at 11am PT on March 28 as they discuss the unique challenges of securing industrial operations and how operators can gain the necessary visibility into their OT networks and devices to deter, detect and respond to cybersecurity events.

Tune in to learn:

  • The importance of identifying vulnerable endpoints on your network
  • How to maintain system configurations to reduce downtime and service disruption
  • About Tripwire's unique industrial cybersecurity suite
  • Practical solutions from the NCCoE designed to solve OT/ICS cybersecurity challenges


Automating GDPR Compliance with Standards-Based Security Convergence Solutions

Thursday, February 22, 2018

GDPR compliance requires a holistic approach across the entire enterprise because the PII data resides across many organizational silos, including IT & Physical Access Control Systems. Attend this webinar to learn how many fortune 500s, including global customers in financial / banking / telecommunication sectors are proactively addressing GDPR compliance with a high degree of automation.

NCCoE will present NIST SP 1800-9, “Access Rights Management for the Financial Services Sector,” which leveraged the AlertEnterprise Converged Identity & Access Management (C-IdAM) COTS platform.

AlertEnterprise will discuss how this C-IdAM platform is helping global fortune 500 organizations address GDPR compliance, improve cybersecurity and insider threat postures across IT, Physical Security and OT silos.

Jumpstart Your Cybersecurity Strategy with NIST Guidance

Tuesday, February 20, 2018

In 2017, the total cost of a data breach averaged $3.62 million. Companies who experienced a data breach have a 27.7% likelihood of a recurring material data breach over the next two years. These staggering statistics from a 2017 Ponemon Study highlights the need for a strong cybersecurity strategy going into this year. 

Donna Dodson, Chief Cybersecurity Advisor, NIST 
Hemma Prafullchandra, CTO and EVP Products, HyTrust

In this webinar, experts from the National Institute of Standards and Technology (NIST) will share:

  • Observations and accomplishments from 2017 NIST initiatives
  • NIST’s 2018 cybersecurity focus areas, such as cloud security, internet infrastructure, and industry-aligned (healthcare, financial services) cybersecurity projects
  • Opportunities for industry engagement

HyTrust experts will provide perspectives on:

  • Best practices for automation and continuous compliance with the NIST Cybersecurity Framework
  • Tips to strengthen your security posture and avoid common pitfalls
  • Key resources to jumpstart your 2018 cybersecurity strategy 

Register to view recorded webinar.

PIV Derived Credentials for Strong Authentication in Mobile Applications

Wednesday, January 17, 2018

Join this informative webcast with Entrust Datacard, VMware, and  guest presenters from the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology on January 17 at 2pm. Learn how Federal Government Departments can use PIV Derived Credentials to ensure the security of information while accessing mobile based applications (email, VPN, web applications and more). Plus review your options for protecting digital identities through industry-leading, adaptable authentication solutions. 

Both Entrust Datacard and VMware are collaborators in the NCCoE project to build a reference architecture for the use of Derived PIV Credentials.

Bill Newhouse, NIST Security Engineer at the NCCoE
Chris Brown, Mitre Lead for DPC project at the NCCoE
Dan Miller, U.S. Federal Sales at Entrust Datacard
Eugene Liderman, Director of Product Management at VMware


NIST Cybersecurity Guides for the Financial Services Sector: Webinar

Monday, January 23, 2017

Splunk and other partners have been working with NIST’s National Cybersecurity Center of Excellence (NCCoE) to address key challenges in the financial sector.

One project focuses on access rights management, with an example solution that can help financial institutions to more effectively issue, validate, modify, and revoke access rights across their entire enterprise.  

Another project focuses on IT asset management, with an example solution that can enhance the visibility of IT assets and enable faster response to security alerts. 

These efforts have resulted in the publication of two NIST 1800 series publications, which are available for download at: https://nccoe.nist.gov/projects/use-cases/financial-services-sector.

Splunk and NCCoE experts will discuss the example solutions in a webinar on January 23, 2018 at 2pm eastern time. If you can’t attend the webinar in real time, you can still receive the recorded version.

Webinar: Mobile App SSO for First Responders

Thursday, December 7, 2017

On-demand access to public safety data is critical to ensuring that public safety and first responder (PSFR) personnel can deliver the proper care and support during an emergency. This requirement necessitates heavy reliance on mobile platforms while in the field, which may be used to access sensitive information. However, complex authentication requirements can hinder the process of providing emergency services, and any delay—even seconds—can become a matter of life or death.

In collaboration with industry subject matter experts and stakeholders, including members of the FIDO Alliance, NIST’s National Cybersecurity Center of Excellence (NCCoE) is aiming to help PSFR personnel efficiently and securely gain access to mission data via mobile devices and applications using standards-based commercially available and open source products.

In this webinar, the NCCoE’s Bill Fisher will demonstrate their Mobile Application Single Sign-On project, a reference design that integrates FIDO multifactor authentication (MFA) with mobile single sign on (SSO) for native and web applications, designed to help reduce the number of credentials PSFR must juggle and decrease time spent on authentication. The architecture uses FIDO and other standards-based technology to improve interoperability between mobile platforms, applications, and identity providers irrespective of the application development platform used in their construction and to support a diverse set of credentials, enabling PSFR organizations to choose a MFA solution that is both secure and speedy. To learn more about this project before the webinar, visit https://nccoe.nist.gov/projects/use-cases/mobile-sso.

Online Trust Alliance Webinar

Tuesday, November 29, 2016

NIST cybersecurity engineers Scott Rose and Curt Barker will discuss the NCCoE DNS-Based Email Security project at an Online Trust Alliance (OTA) webinar on Tuesday, November 29. Microsoft Corp, a partner in the NCCoE project, invited the NCCoE to this presentation. This webinar is part of the OTA’s monthly cybersecurity presentation series.

Mobile Security Community of Interest Teleconference

Friday, December 9, 2016

The NCCoE will be hosting a conference call for individuals from industry, academy, and government interested in identifying mobile security challenges, providing practical mobile security expertise, and helping guide NCCoE mobile security projects. 

We intend for this Community of Interest to meet once a month for about an hour via teleconference. The first call will be on Friday, December 9 at 2pm ET. A portion of the call will be used to decide a more convenient time for regular Mobile Security Community of Interest meetings. We will also brief on past efforts and solicit input on new areas of interest.

Join online here, or join by phone at 1-855-797-9485 for toll-free, or 1-415-655-0002 for tolled. The meeting number is: 192 124 770. No password is required to access the meeting.

Please note: this is a public working group.