Hacktivism || BIA and RA Integration
CyberInsights #48
Indian Government sites hacked after controversial statement
Over 70 Indian government sites were defaced over the recent controversy around the statement made by the spokesperson of a leading political party.
Hacktivism is not new. We see increased hacktivism around key events like Independence Day and Republic Day celebrations. Key political developments too lead to increased hacktivism.
Most times, the damage is to reputation as the damage does not go beyond defacement.
Take Action:
In case you are responsible for a government website, or your firm is a part of critical information infrastructure, make sure that your website is tested thoroughly.
Keep track of events that might lead to hacktivism.
Know someone who might find this useful? Share this post.
NIST 8286 - Using BIA for Risk Assessment
No force on earth can stop an idea whose time has come - Victor Hugo
The brilliance of this idea is the simplicity. If you are an infosec professional who has dabbled with risk assessments and business impact assessments, you would have pondered the question - why can’t we use BIA for everything? Isn’t it a type of RA anyway?
This simple idea is the foundation of this draft NIST standard that can be downloaded from here.
This is still a draft standard awaiting review and finalisation, but an idea whose time has come.
Take Action:
Adopt this approach whole heartedly! Evaluate the process mentioned above. Provide your feedback to NIST. Change the whole BIA / RA game!
Useful? CyberInsights is a weekly post about two new items in cybersecurity which helps the cybersecurity professional think. Subscribe to it here.