In one look.
- CISA publishes a guide to reporting cyber incidents.
- The US NCCoE stresses the importance of patch management.
CISA publishes a guide to reporting cyber incidents.
The US Cyber and Infrastructure Security Agency has Posted advice to owners and operators of critical infrastructure, as well as government partners, on sharing information about cyber incidents. Cyber Event Information Sharing Fact Sheet Emphasizes That Transparency About Cyber Activity Is Key To Better Understanding How Adversaries Are Trying To Infiltrate US Networks, Especially Those In Critical Infrastructure Sectors . The guide explains “This information fills critical information gaps and enables CISA to rapidly deploy resources and assist victims of attacks, analyze incoming reports across all sectors to spot trends and to promptly share this information with network defenders to warn other potential victims.” Entities are advised to “watch, act and report” to communicate information about incidents including data breaches, denial of service (DOS) attacks, malicious code detection, ransomware and phishing attempts. Stakeholders are encouraged to complete an incident report form or send an email to [email protected].
The US NCCoE stresses the importance of patch management.
The National Cybersecurity Center of Excellence (NCCoE) also released cybersecurity-related guidelines this week, HIPAA Journal reports, in the form of two new publications offering guidance on enterprise patch management practices: “Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology” and “Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in a Better Way”. The NCCoE explains, “Patching is an essential part of preventive maintenance of IT technologies, a cost of doing business and a necessary part of what organizations must do to accomplish their missions. This helps prevent compromises, data breaches, operational disruptions, and other unwanted events. Although patching is recognized by IT professionals as a fundamental measure to prevent crippling network outages, many business leaders find the patching and upgrading process overwhelming. and time-consuming. In developing both guides, the NCCoE incorporated recommendations from cybersecurity technology vendors to provide strategies that can be tailored to each organization’s needs.