IT and Business Insights for SMB Solution Providers

Jay Ferron's blog

NCCoE Releases Draft Project Description for DevSecOps

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps. Publication of this project description begins a process to solicit public comments for the project requirements, scope, and hardware and software components for use in a laboratory environment.

Using Business Impact Analysis to Inform Risk Prioritization and Response: NIST IR 8286D available for public comment

Traditional business impact analyses (BIAs) have been successfully used for business continuity and disaster recovery (BC/DR) by triaging damaged infrastructure recovery actions that are primarily based on the duration and cost of system outages (i.e., availability compromise). However, BIAs can be easily expanded to consider other cyber-risk compromises and remedies.
