————————————————————————————————————————————————————————————————
\laptop\security\police\zeroTrust.txt

https://www.presidency.ucsb.edu/documents/executive-order-14028-improving-the-nations-cybersecurity
  "rapidly improve the security and integrity of the software supply chain"
  Zero Trust Architecture
  Federal Risk and Authorization Management Program (FedRAMP)
  Director of OMB and the Assistant to the President and National Security Advisor (APNSA)

https://www.whitehouse.gov/briefing-room/
https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
  Executive Order on Improving the Nation’s Cybersecurity, May 12, 2021 • Presidential Actions
https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/
  FACT SHEET: President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks, May 12, 2021 • Statements and Releases
https://www.federalregister.gov/presidential-documents/executive-orders/joe-biden/2021
  EO 14028? : 05/12/2021

https://www.cisco.com/c/en/us/products/security/zero-trust.html
https://www.fedscoop.com/biden-cyber-executive-order-reignites-push-to-cloud-zero-trust/
https://fcw.com/articles/2021/05/12/cyber-executive-order.aspx
  multi-factor authentication, encryption and end point detection
  security best practices, including by employing a zero-trust security model

https://www.itic.org/documents/cybersecurity/ITI_CybersecruityLabeling_Final_Apr2021.pdf
  Information Technology Industry Council (ITI)
  Ensure Labeling Does Not Convey a False Sense of Security

BEST PRACTICE
• end (beginning) point detection; wire fraud: phishing, spoofing
• spam: handshake requiring the sender's email address for giving permission
• Sens. John Thune (R-S.D.), Ed Markey (D-Mass.) Act
• require voice service providers to adopt call authentication technologies
• zero-trust security model
• multi-factor authentication
• push-to-cloud
• Ensure Labeling Does Not Convey a False Sense of Security
• complete backup operating system, as different as possible from the first one
• make minimal or no use of graphical interfaces
• keep data separate from active components
• active components should be on write-protected media which require a human manual override for changing
• be aware; Chris Nyhuis of vigilantnow.com: the villains study all of the anti-virus software
• ...

————————————————————————————————————————————————————————————————
prevention rather than recovery
patchwork remedies, silver bullet, quick-fix, one-and-done patches, panacea

https://www.cyberdefensemagazine.com/state-cyber-security/
  Health Insurance Portability and Accountability Act (HIPAA)
  Gramm-Leach-Bliley Act
  Nevada law NRS 603A.215 requires encryption
  California SB-327 defines connected devices

————————————————————————————————————————————————————————————————
https://techbeacon.com/enterprise-it/5-bad-practices-hinder-your-security-how-improve-it
  today’s cloud-based, global-ecosystem economy—in which organizations need to provide employees and third parties access to corporate applications—is to blame
  1. Leveraging firewall rules to manage access control policies
  2. Using VPNs to provide secure access
  3. Endorsing a network policy of trusting everyone and every device
  4. Standing up new enterprise apps, sites without adequate controls
  5. Using outdated technology
  never take a one-and-done approach to security

https://waverleysoftware.com/blog/top-software-vulnerabilities/
  buffer overflow
  Improper Output Encoding or Escaping
  ...
  Using Components with Known Vulnerabilities.