NIST Privacy Framework: Foundational Privacy Principles

The National Institute of Standards and Technology (NIST) has developed a comprehensive privacy framework that can help organizations assess and improve their privacy practices. The framework consists of three main components: the core, the profiles, and the implementation tiers. In this blog post, we will focus on the foundational privacy principles, which are the fundamental … Continue reading NIST Privacy Framework: Foundational Privacy Principles →

NIST Privacy Framework: Core

The National Institute of Standards and Technology (NIST) has developed a comprehensive privacy framework that can help organizations assess and improve their privacy practices. The framework consists of three main components: the core, the profiles, and the implementation tiers. In this blog post, we will focus on the core, which is the foundation of the … Continue reading NIST Privacy Framework: Core →

Threat Emulation Training: Where to Start

Written by: Sean D. Goodwin , CISA, QSA, PCIP, CISSP, CCSP, GSEC, GCIH, GCIA, GCWN, GCCC, GCUX, GCPM, GDAT, GSE Our recent blog posts have covered a variety of topics related to threat emulation, including: The benefits of threat emulation. The important factors that differentiate threat emulation from penetration testing. Understanding how to leverage these tests to implement controls … Continue reading Threat Emulation Training: Where to Start →

Threat Emulation vs. Penetration Testing: Understanding the Differences

This was originally posted as an Insight from Wolf & Company, P.C. Threat emulation (also referred to as adversary simulation) is an advanced form of testing where the attack tools, techniques, and procedures (TTPs) utilized are based on documented, real-world criminal actions. These tests are best suited for environments and organizations that have the basics covered … Continue reading Threat Emulation vs. Penetration Testing: Understanding the Differences →

NIST CSF: Adaptive Tier

The NIST Cybersecurity Framework (CSF) is a framework developed by the National Institute of Standards and Technology (NIST) to help organizations manage and reduce their cybersecurity risks. In addition to the core functions of the CSF, the framework also includes four levels or "tiers" that provide guidance on how organizations can implement the framework and … Continue reading NIST CSF: Adaptive Tier →