The document provides a behavior-based model of the tactics and techniques employed by fraudsters.

The post MITRE Releases Fight Fraud Framework appeared first on SecurityWeek.

The Department of Health and Human Services unveiled a tool Thursday to help health care facilities assess their cybersecurity risks, elevating the emphasis on those threats to the kind produced by weather conditions and other dangers.

The assistance from HHS’s Administration for Strategic Preparedness and Response (ASPR) comes in the form of an update to the Risk Identification and Site Criticality (RISC) 2.0 Toolkit to include a specific focus on cybersecurity. 

RISC is a free tool to help organizations identify threats and vulnerabilities, estimate consequences and share their findings with others. Now it will include a cybersecurity module, too.

The module walks users through a series of questions and measures them against the influential National Institute for Standards and Technology Cybersecurity Framework 2.0, as well as HHS’s own voluntary cybersecurity performance goals.

John Knox, principal deputy assistant secretary at ASPR, said the change was a response to growing cyber threats.

“This module is the latest addition to our toolkit of resources to assist our health care and public health partners in preventing the disruption of patient care and strengthening national health security,” Knox said in a news release. “We must acknowledge that cyber safety is patient safety and that cyber threats can cause cascading problems across the health care industry. The new cybersecurity module will help our partners understand what is needed to strengthen their resilience and we strongly encourage them to take advantage of it.”

It continues an emphasis ASPR’s Charlee Hess discussed at CyberTalks last month, with the landmark Change Healthcare attack prompting the HHS division to look at ways to help organizations manage risk from third-party providers.

Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center, said the creation of the cyber module was a “smart move,” with the RISC toolkit already being integrated into thousands of health care systems. He also liked the toolkit leaning on the NIST framework and HHS’s performance goals.

“By putting cyber side‑by‑side with other threats and hazards in a unified platform, RISC 2.0 can help hospital and health system leaders see cyber exposure in the same context as hurricanes, active shooters, or power failures,” he said in an emailed response to CyberScoop. “That visibility can drive more informed conversations at the executive and board levels about where to invest in cybersecurity, what gaps are most critical, and how cyber disruptions might cascade into real impacts on patient care.”

The post HHS updates a free risk tool to help hospitals size up their cybersecurity exposure appeared first on CyberScoop.

| Niccolo Arboleda | Guest Author Niccolo Arboleda is a cybersecurity enthusiast and student at the University of Toronto. He is usually found in his home lab studying different cybersecurity […]

The post At Home Detection Engineering Lab for Beginners appeared first on Black Hills Information Security, Inc..

Kent Ickler // TL;DR: This post describes the process of building an active system to automatically recon SPF violations. Disclaimer: There are parts of this build that might not be legal […]

The post Offensive SPF: How to Automate Anti-Phishing Reconnaissance Using Sender Policy Framework appeared first on Black Hills Information Security, Inc..

Kent Ickler and Derrick Rauch* // Sun Protection Factor Err… wait a second. Sender Policy Framework Ladies and Gentlemen of the class of 1997, Wear Sunscreen…I will dispense my advice, […]

The post How to Configure SPFv1: Explained for the Masses appeared first on Black Hills Information Security, Inc..

Brian Fehrman // Running into environments where the use of PowerShell is being monitored or is just flat-out disabled? Have you tried out the fantastic PowerOps framework but are wishing […]

The post WEBCAST: A Powerful New Tool – PowerLine! appeared first on Black Hills Information Security, Inc..