News for Admins

Tech News

Article from ADMIN 75/2023
By
In the news: NIST Updates Cybersecurity Framework; Poor Cloud Security Practices Put Organizations at Risk; ORNL and NOAA Launch New Supercomputer for Climate Research; DOE Envisions New High Performance Data Facility; VMware Updates Tanzu with New Security Features; Microsoft Launches AI-Powered Security Copilot; IBM Deploys First Quantum Computer Dedicated to Healthcare Research; LPI Announces IT Security Essentials Certification

NIST Updates Cybersecurity Framework

Major updates to NIST's Cybersecurity Framework (CSF) are underway, with the new CSF 2.0 expected in 2024.

"Based on stakeholder feedback, in order to reflect the ever-evolving cybersecurity landscape and to help organizations more easily and effectively manage cybersecurity risk, NIST is planning a new, more significant update to the framework: CSF 2.0," NIST says. The framework was initially produced in 2014 and updated to CSF 1.1 in 2018.

NIST plans to seek stakeholder feedback throughout the process, and a discussion draft is now available for review (https://www.nist.gov/system/files/documents/2023/04/24/NIST%20Cybersecurity%20Framework%202.0%20Core%20Discussion%20Draft%204-2023%20final.pdf). "The modifications from CSF 1.1 are intended to increase clarity, ensure a consistent level of abstraction, address changes in technologies and risks, and improve alignment with national and international cybersecurity standards and practices," according to the draft document.

Check out NIST's Journey to CSF 2.0 website (https://www.nist.gov/cyberframework/updating-nist-cybersecurity-framework-journey-csf-20) for the proposed timeline and other information.

Poor Cloud Security Practices Put Organizations at Risk

Many organizations are failing to implement basic cloud security practices and address known vulnerabilities in a timely fashion, according to a new report from Palo Alto Networks' Unit 42.

The Unit 42 Cloud Threat Report , Volume 7 (https://unit42.paloaltonetworks.com/cloud-threat-report-expanding-attack-surface/), details issues observed in thousands of multi-cloud environments, noting that these "gaps in security are getting more attention from threat actors."

Findings from the report include:

  • Security teams take approximately six days on average to resolve a security alert.
  • Sixty percent of organizations take more than four days to resolve security issues.
  • Eighty percent of alerts in most cloud environments are triggered by just five percent of security rules.
  • Seventy-six percent of organizations don't enforce multi-factor authentication (MFA) for console users, while 58 percent don't enforce MFA for root/admin users.
  • Sensitive data was found in more than half of publicly exposed storage buckets.

"For threat actors, each workload in the cloud presents an opportunity, and without proper management, organizations are exposed to risk in countless ways," the report says.

ORNL and NOAA Launch New Supercomputer for Climate Research

Oak Ridge National Laboratory (ORNL) has partnered with the National Oceanic and Atmospheric Administration (NOAA) to launch a new supercomputer dedicated to climate science research, which will be one of three NOAA computers operating at ORNL.

The new system, called C5, is an HPE Cray machine with more than 10 petaflops (or 10 million billion calculations per second) of peak theoretical performance, which is almost double the power of the two previous systems combined, says the announcement (https://cleantechnica.com/2023/04/12/new-supercomputer-for-climate-science/).

The goal of the partnership is to increase NOAA's climate modeling capabilities to advance critical research.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • NIST Releases Draft of Cybersecurity Security Framework v2.0
  • News for Admins
    In the news: US Agencies Issue Quantum-Readiness Recommendations; Bitwarden Secrets Manager; IBM X-Force Releases Detection and Response Framework for Managed File Transfers; National Strategy to Expand US Cyber Workforce; SEC Adopts New Rules for Disclosure of Cybersecurity Incidents; Canonical Announces Real-Time Ubuntu for Intel Core; EU-US Data Privacy Framework Ensures Safe Data Transfers; IEEE Releases New Standard for LiFi Communications; EU Health Sector Security Risks; and JupyterLab 4.0.
  • News for Admins
    In the news: CIQ Offers Long-Term Support for Rocky Linux on AWS; Apple's PQ3 Brings Post-Quantum Security to iMessage; Google Open Sources Magika File-Type Detection System; Microsoft Announces Sudo for Windows; Linux Foundation Launches Post-Quantum Cryptography Alliance; Sys Admins Saw the Biggest Average Salary Increase in 2023, According to Dice; Use of Open Source Software Increased Significantly in 2023; Docker Build Cloud Announced; Wi-Fi CERTIFIED 7 Announced; EU Commissions Nostradamus Project for Quantum Testing; and NIST Identifies Main Types of Adversarial Machine Learning Threats, GitLab Announces Critical Security Releases.
  • VMware Updates Tanzu with New Security Features
  • US Agencies Issue Quantum-Readiness Recommendations
comments powered by Disqus