Latest news with #NationalInstituteofStandardsandTechnology


Business Journals
21 hours ago
How to choose the right cybersecurity framework: A guide for mid-market companies
As cyber threats become more sophisticated and regulatory requirements more stringent, companies, especially mid-market ones, must take a proactive approach to security. Choosing the right cybersecurity framework is a critical step in protecting sensitive data, maintaining compliance and building trust with customers, investors and regulators. However, with so many frameworks available, each with different requirements and industry applications, determining the best fit can be challenging.

Understanding cybersecurity frameworks vs security standards

Cybersecurity frameworks: Structured sets of best practices and methodologies for managing cybersecurity risks. They help organizations build a structured approach to security, ensuring that policies, processes and technologies align with industry-recognized standards.

Security standards: Define specific requirements that organizations must meet to achieve compliance. They are typically associated with audits, ensuring that an organization meets legal and contractual obligations. Common security standards include HIPAA, PCI DSS and GDPR.

While standards ensure compliance with regulatory requirements, frameworks offer strategic guidance for building a resilient security posture. Choosing the right framework ensures a comprehensive approach to cybersecurity that not only satisfies legal requirements but also strengthens overall protection against evolving threats.

Key cybersecurity frameworks in 2025

Selecting the best framework depends on your industry, regulatory landscape and business operations.

NIST Cybersecurity Framework (CSF) 2.0

Developed by the National Institute of Standards and Technology (NIST), the NIST CSF 2.0 is a voluntary, risk-based cybersecurity framework that focuses on six core functions: govern, identify, protect, detect, respond and recover. It provides a variety of high-level cybersecurity outcomes that organizations can use to understand, assess, prioritize and communicate their cybersecurity efforts more effectively.

Best for: Organizations of any size or sector, particularly those looking for a flexible and risk-based approach to managing cybersecurity and aligning with industry standards.

ISO/IEC 27001

ISO/IEC 27001 is an internationally recognized standard for information security management. It provides a structured framework for implementing an Information Security Management System (ISMS), ensuring the confidentiality, integrity and availability of corporate data, including financial information, intellectual property, employee details and third-party managed data.

Best for: Organizations of any size or sector, especially those needing a comprehensive ISMS to ensure data protection and demonstrate compliance with international standards.

CIS Controls

Developed by the Center for Internet Security (CIS), CIS Controls are a structured and simplified set of best practices designed to help organizations strengthen their security posture.

Best for: Small to mid-market organizations seeking a simplified, actionable set of cybersecurity best practices to quickly strengthen their security posture with minimal resource investment.

CMMC

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard developed by the U.S. Department of Defense (DoD) to ensure contractors and subcontractors meet specific cybersecurity practices when handling Controlled Unclassified Information (CUI). CMMC integrates various cybersecurity standards and best practices and assigns them across maturity levels, ranging from foundational to advanced.

Best for: Defense contractors and subcontractors in the DoD supply chain who must demonstrate compliance with strict cybersecurity requirements to be eligible for government contracts.

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment, authorization and continuous monitoring for cloud services used by federal agencies. It ensures that cloud providers meet strict federal security requirements before working with government entities.

Best for: Cloud service providers aiming to do business with U.S. federal agencies and needing to prove compliance with federal cybersecurity standards.

StateRAMP

Modeled after FedRAMP, StateRAMP offers a standardized approach to cybersecurity for state and local governments. It helps ensure that cloud service providers meet consistent security requirements when providing services to government agencies, promoting transparency, verification and trust.

Best for: Cloud vendors looking to work with state and local governments that require proven compliance with standardized cybersecurity benchmarks.

How to choose the right framework for your business

Assess your current security posture

Before selecting a new framework, conduct a comprehensive gap assessment to evaluate your institution's existing cybersecurity controls. Identify strengths, pinpoint vulnerabilities and determine where enhancements are needed to align with your chosen framework.

Understand your industry requirements

Certain frameworks are better suited for meeting industry-specific regulations. Understanding your industry's unique regulatory landscape will help you determine which security frameworks align with these requirements and which ones are most effective for addressing sector-specific risks.

Consider business goals and objectives

When selecting a security framework, it's important to align your choice with your company's broader business objectives. For example, with the FFIEC Cybersecurity Assessment Tool being phased out, financial institutions may consider adopting ISO 27001 to enhance their cybersecurity posture and build credibility with investors and regulators.

Additionally, if your organization is focused on streamlining compliance processes or reducing the burden of managing multiple audits, a consolidated compliance framework, combining assessments like NIST, ISO, PCI DSS, HITRUST and/or SOC 2, can help alleviate audit fatigue and ensure consistent, efficient compliance across various regulatory requirements.

Real-world example: For companies navigating a complex landscape of regulatory requirements, working with multiple providers testing the same controls can strain internal resources. Learn how FD's Consolidated Compliance Assessment Program helped a leading global payments technology company streamline compliance, exceed regulatory requirements and reduce audit redundancies.

Engage key stakeholders

Cybersecurity is not just an IT concern; it requires collaboration across executive leadership, technology teams, risk and compliance professionals and internal audit. Engaging these stakeholders early ensures alignment on strategic priorities and regulatory expectations.

Monitor, validate and adapt

Cyber threats and regulatory expectations continue to evolve, making ongoing monitoring essential. Regularly measure progress against targeted cybersecurity maturity levels, reassess risk factors and adjust your strategy as needed. Internal audit should be involved in periodic reviews to validate compliance and readiness for regulatory examinations.

Next steps: Strengthening your security posture

Choosing the right security framework is more than just a compliance requirement; it's a strategic investment in your company's resilience, reputation and long-term success. As cyber threats grow more sophisticated and regulatory landscapes shift, companies must take a proactive approach to security. By assessing your current security posture, aligning with industry requirements and considering business goals, you can implement a framework that not only meets compliance standards but also strengthens your overall cybersecurity strategy.

Navigating these complexities can be challenging, but you don't have to do it alone. Frazier & Deeter's experts are here to help you evaluate your options, implement the right framework and build a security posture that protects your business now and in the future. Contact us to get started.

Frazier & Deeter (FD) is comprised of Frazier & Deeter, LLC, a US licensed CPA firm that provides attest services to its clients, and Frazier & Deeter Advisory, LLC, an alternative practice structure that provides tax and advisory services to clients worldwide. Learn more at
Yahoo
22-05-2025
NordVPN rolls out post-quantum encryption to all applications
LONDON, May 22, 2025 (GLOBE NEWSWIRE) -- NordVPN, a leading cybersecurity company, announces the launch of post-quantum encryption (PQE) support for all its VPN applications. The first iteration of post-quantum cryptography was implemented on the NordVPN Linux application last year. In 2025, NordVPN also rolled out its PQE feature for Windows, macOS, iOS, and Android, including Android TV and tvOS.

'As quantum computing advances, the traditional encryption methods used by most VPN protocols today will eventually become vulnerable. By integrating PQE into our VPN infrastructure, we're taking a proactive step to ensure long-term confidentiality and resilience for our customers' data, both now and in a post-quantum future,' says Marijus Briedis, CTO at NordVPN.

In September 2024, NordVPN released a Linux app update with the first post-quantum cryptography upgrade for the NordLynx protocol — a high-performance VPN protocol known for its extreme speed and security, based on WireGuard. The upgraded protocol complied with the latest National Institute of Standards and Technology (NIST) standards for post-quantum encryption and protected Linux users from quantum decryption, while also collecting essential performance metrics, such as impact on connection speeds and latency.

'The gathered data served as a stepping stone in the transition to quantum-resistant encryption to the rest of our platforms,' says Briedis. 'The Linux case demonstrated that we successfully maintained the highest level of user experience in terms of connection time and speed during the transition. As a result, other applications followed to ensure long-term data security for our users.'

PQE is enabled with a toggle switch — once turned on under 'Connections' in 'Settings,' the feature will automatically activate whenever the user connects via the NordLynx protocol.

ABOUT NORDVPN

NordVPN is the world's most advanced VPN service provider, trusted by millions of internet users worldwide. The service offers features such as dedicated IP, Double VPN, and Onion Over VPN servers, which help to enhance online privacy with zero tracking. One of NordVPN's key features is Threat Protection Pro, a tool that blocks malicious websites, trackers, and ads and scans downloads for malware. NordVPN is part of Nord Security, whose latest product is Saily, a global eSIM service. Known for its user-friendly design, NordVPN offers some of the best prices on the market and operates over 7,600 servers in 118 countries.

For more information, visit More information: skirmante@


Yahoo
21-05-2025
Former Jan. 6 defendant who was arrested near Obama's house is convicted on gun charges
WASHINGTON — A former Jan. 6 defendant who was arrested after he showed up at former President Barack Obama's home in 2023 was convicted Tuesday of illegal possession of guns and ammunition.

Taylor Taranto, who was apprehended while he was livestreaming video near Obama's house in Washington, D.C., was also found guilty of a false information and hoaxes charge related to a video he streamed a day earlier claiming he was on a 'one-way mission' to blow up the National Institute of Standards and Technology in Gaithersburg, Maryland.

U.S. District Judge Carl Nichols ruled on the case following a bench trial that got underway last week.

Taranto's attorney, Carmen Hernandez, blasted the verdict. 'I think it's a terrible outcome under a statute that is overbroad and violates the First Amendment,' Hernandez told NBC News. 'Mr. Taranto is an honorably discharged, disabled veteran with no prior convictions, no history of violent conduct. He's been convicted of having made a bad joke with absolutely no evidence that he intended to carry out any criminal conduct.'

Taranto had posted about appearing outside Obama's residence the same day in June 2023 that Trump shared a screenshot on social media that included what he said was Obama's Washington address. Prosecutors said Taranto reposted what Trump had shared and then posted about being outside Obama's home, writing, 'We got these losers surrounded!'

Investigators said they found two guns and hundreds of rounds of ammunition in Taranto's van, along with a machete, when he was arrested. Prosecutors alleged that Taranto repeatedly said that he was trying to get a 'shot' and that he wanted to get a 'good angle on a shot.'

Online sleuths first identified Taranto as a Jan. 6 participant in 2021. He was one of the roughly 1,500 Jan. 6 defendants President Donald Trump pardoned on the first day of his second term in office.

Ryan J. Reilly reported from Washington and Zoë Richards from New York.

This article was originally published on