Cybersecurity and Information Systems Digest

7 JULY 2021

Featured Technical Inquiry

Security-Conscious Password Behavior From the End-User’s Perspective

Even though technical solutions for security problems are widespread, there are no adequate security measures against precarious user behavior.  Even if hashing and encrypting are used correctly in masking the passwords, attackers can bypass these strongpoints by going for the weakest link.  Most likely this will happen through sharing a password, using an already leaked password, or creating a feasibly guessable password (Olmstead & Smith, […]

Voice From the Community

Dr. Carol Woody

Principal Researcher

Dr. Carol Woody is a principal researcher for the CERT division of the Software Engineering Institute at Carnegie Mellon University. Her research focuses on building capabilities and competencies for measuring, managing, and sustaining cybersecurity for highly complex networked systems and systems of systems. Dr. Woody has successfully implemented technology solutions for such diverse domains as banking, mining, manufacturing, and finance. She coauthored the book Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, published by Pearson Education as part of the SEI Series in Software Engineering. The CERT Cybersecurity Engineering and Software Assurance Professional Certificate, released in March 2018, is based on the research she led. Dr. Woody holds a B.S. in mathematics from the College of William & Mary, an M.B.A. with distinction from Wake Forest University, and a Ph.D. in information systems from NOVA Southeastern University.

Featured News

CISA Launches New Joint Cyber Defense Collaborative

The Cybersecurity and Infrastructure Security Agency (CISA) announced the standup of the Joint Cyber Defense Collaborative (JCDC), a new agency effort to lead the development of cyber defense operations plans, and to execute those plans in coordination with partners from the federal interagency, private sector, and state, local, tribal, territorial (SLTT) government stakeholders to drive down risk before an incident and to unify defensive actions […]

Recent News

Defeating Malicious Cyber Actors Requires Partnerships

Participating on a panel alongside other high-level officials from the federal, state, and private sector, National Security Agency Deputy Director George Barnes discussed NSA’s role within the nation’s shared response to future malicious cyber activities…

NSA, CISA Release Kubernetes Hardening Guidance

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently released a cybersecurity technical report, “Kubernetes Hardening Guidance,” that details threats to Kubernetes environments and provides configuration guidance to minimize risk.

NIST Study on Kids’ Passwords Shows Gap Between Knowledge of Password Best Practices and Behavior

NIST researchers surveyed kids in 3rd – 12th grade about their password knowledge and practices. The study found that children are learning best practices, such as memorizing passwords, but are demonstrating a gap between their…

CISA Provides Recommendations for Protecting Information From Ransomware-Caused Data Breaches

CISA has released the fact sheet “Protecting Sensitive and Personal Information From Ransomware-Caused Data Breaches” to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak…

Ethical, Legal Implications of Paying Ransoms

Ransomware has emerged as one of the most virulent cybersecurity risks. In recent years, particularly during the pandemic, ransomware attacks have become more focused, sophisticated, costly, and numerous. As ransomware tactics evolve, companies must make…

How to Defeat the Info-Warfare “Triad of Disruption”

According to this article, social media technologies, propaganda, and false news have posed unprecedented challenges to the U.S. government and the U.S. Department of Defense. Hackers have been used to control the public through the…

Want to be featured in our biweekly digest?

Submit your "Voice From the Community"

Upcoming Events

DoDIIS Worldwide

Join experts and innovators from across the U.S. Department of Defense, intelligence community, industry, and academia to share unique insights on this year’s conference theme:  Foresight 20/20:  Building a New Digital Ecosystem. This theme emphasizes…

I/ITSEC 2021

The annual Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC) is the world’s largest modeling, simulation, and training event. It features peer-reviewed paper presentations, tutorials, special events, professional workshops, a commercial exhibit hall, a serious games…

Cybersecurity Symposium for Smart Cities 2021

This symposium will showcase success stories of California cities and communities that have maximized digital opportunities during the COVID-19 era. It will also discuss ways to digitally maximize the recent Infrastructure Bill.

MORS Emerging Techniques Forum

This year’s theme of “Digital Transformation” focuses on advances in computing tools, technologies, and techniques that revolutionize analysis at scale to enhance awareness and understanding, from strategic decisions to the tactical edge. This conference will…

Workshop on Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software

On September 14-15, 2021, NIST will host a virtual public workshop on challenges and practical approaches to initiating cybersecurity labeling efforts for IoT devices and consumer software.  The workshop will help NIST carry out an Executive…

(ISC)² 2021 Security Congress

The 2021 Security Congress is the first hybrid (ISC)² Security Congress. The purpose of this event is to help provide cybersecurity professionals with security best practices, processes, and procedures in combatting the latest cybersecurity challenges…

IEEE Secure Development Conference

SecDev is a venue for presenting ideas, research, and experience about how to develop secure systems. It focuses on theory, techniques, and tools to “build security in” to existing and new computing systems, not just…