U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 276 - 300 of 1509

Security and Privacy Controls for Information Systems and Organizations

December 10, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks

Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

December 8, 2020
Author(s)
Jennifer L. Cawthra, Michael R. Ekstrom, Lauren N. Lusty, Julian T. Sexton, John E. Sweetnam
Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to organizations that manage data in various forms. Database records and structure, system files, configurations, user files, application code, and

Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

December 8, 2020
Author(s)
Jennifer L. Cawthra, Michael R. Ekstrom, Lauren N. Lusty, Julian T. Sexton, John E. Sweetnam, Anne R. Townsend
Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. Organizations' data, such as database records, system files, configurations, user files, applications, and customer data, are all

Smart Home Consumers' Privacy and Security Perceptions & Practices

December 7, 2020
Author(s)
Julie Haney, Susanne M. Furman, Yasemine Acar
Smart home technologies may expose adopters to increased risk to network security, information privacy, and physical safety. However, consumers may lack understanding of the privacy and security implications, while devices fail to provide transparency and

Measurements of the Most Significant Software Security Weaknesses

December 6, 2020
Author(s)
Carlos E. Cardoso Galhardo, Peter Mell, Irena Bojanova, Assane Gueye
In this work, we provide a metric to calculate the most significant software security weaknesses as defined by an aggregate metric of the frequency, exploitability, and impact of related vulnerabilities. The Common Weakness Enumeration (CWE) is a well

An Approach for Detection of Advanced Persistent Threat Attacks

December 1, 2020
Author(s)
Qingtian Zou, Xiaoyan Sun, Peng Liu, Anoop Singhal
Advanced Persistent Threat (APT) campaigns employ sophisticated strategies and tactics to achieve their attack goal. The evolution of APT strategies and tactics compounds the challenge of detecting attack campaigns. This article introduces an approach

Research Report: User Perceptions of Smart Home Privacy and Security

November 17, 2020
Author(s)
Julie M. Haney, Susanne M. Furman, Yasemin Acar
Smart home technologies may expose adopters to increased risk to network security, information privacy, and physical safety. However, users may lack understanding of the privacy and security implications, while devices fail to provide transparency and

Workforce Framework for Cybersecurity (NICE Framework)

November 16, 2020
Author(s)
Rodney Petersen, Danielle Santos, Karen Wetzel, Matthew Smith, Greg Witte
This publication from the National Initiative for Cybersecurity Education (NICE) describes the Workforce Framework for Cybersecurity (NICE Framework), a fundamental reference for describing and sharing information about cybersecurity work. It expresses

Control Baselines for Information Systems and Organizations

October 29, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level: low-impact, moderate-impact, and high-impact), as well as a privacy baseline that is

An Empirical Study on Flow-based Botnet Attacks Prediction

October 22, 2020
Author(s)
Mitsuhiro Hatada, Matthew A. Scholl
In the era of the Internet of Things, botnet threats are rising, which has prompted many studies on botnet detection and measurement. In contrast, this study aims to predict botnet attacks, such as massive spam emails and distributed denial-of-service

The New NIST Phish Scale, Revealing Why End Users Click

October 22, 2020
Author(s)
Shanee T. Dawkins, Kristen Greene, Jody L. Jacobs
Developed based on over 4 years of NIST phishing training data, the NIST Phish Scale is a DIY method for rating human phishing detection difficulty – key to understanding variability in phishing click rates. This talk will cover why users click, why it’s

Cybersecurity Framework Version 1.1 Manufacturing Profile

October 7, 2020
Author(s)
Keith A. Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski, John McCarthy
This document provides the Cybersecurity Framework (CSF) Version 1.1 implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the CSF can be used as a roadmap for reducing cybersecurity risk for manufacturers that

Security and Privacy Controls for Information Systems and Organizations

September 23, 2020
Author(s)
Ronald S. Ross
This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks

Data Integrity Recovering from Ransomware and Other Destructive Events

September 22, 2020
Author(s)
Anne R. Townsend, Timothy J. McBride, Lauren N. Lusty, Julian T. Sexton, Michael R. Ekstrom
Businesses face a near-constant threat of destructive malware, ransomware, malicious insider activities, and even honest mistakes that can alter or destroy critical data. These data corruption events could cause a significant loss to a company’s reputation

Vulnerability trends in web servers and browsers

September 21, 2020
Author(s)
M S Raunak, David Kuhn, Richard Kogut, Raghu Kacker
In previous work we have looked at trends in vulnerabilities due to ordinary programming errors [2, 3]. This analysis focuses on two of the most widely used types of software in today's internet, web browsers and web servers. In addition to reports of

Towards Usable Updates for Smart Home Devices

September 17, 2020
Author(s)
Julie M. Haney, Susanne M. Furman
Smart home device updates are important tools for users to remediate security vulnerabilities and protect devices from future attacks. However, no prior research has been conducted to understand smart home users' perceptions of and experiences with updates

Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)

September 15, 2020
Author(s)
Gema E. Howell, Kaitlin R. Boeckl, Naomi B. Lefkovitz, Ellen M. Nadeau, Joshua M. Franklin, Behnam Shariati, Jason Ajmo, Christopher J. Brown, Spike E. Dog, Frank Javar, Michael Peck, Kenneth F. Sandlin
Mobile devices provide access to vital workplace resources while giving employees the flexibility to perform their daily activities. Securing these devices is essential to the continuity of business operations. While mobile devices can increase efficiency

2019 NIST/ITL Cybersecurity Program Annual Report

August 24, 2020
Author(s)
Patrick D. O'Reilly, Kristina G. Rigopoulos, Larry Feldman, Gregory A. Witte
During Fiscal Year 2019 (FY 2019), from October 1, 2018 through September 30, 2019, the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy

On Data Integrity Attacks against Industrial Internet of Things

August 24, 2020
Author(s)
Hansong Xu, Wei Yu, Xing Liu, David W. Griffith, Nada T. Golmie
Industrial Internet of Things (IIoT) is predicted to drive the fourth industrial revolution through massive interconnection of industrial devices, such as sensors, controllers and actuators, integrating advances in smart machinery and data analytics driven

ARES: Automated Risk Estimation in Smart Sensor Environments

August 17, 2020
Author(s)
Athanasios Dimitriadis, Jose L. Flores, Boonserm Kulvatunyou, Nenad Ivezic, Ioannis Mavridis
Industry 4.0 adoption demands integrability, interoperability, composability, and security. Currently, integrability, interoperability and composability are addressed by next-generation approaches for enterprise systems integration such as model-based

Zero Trust Architecture

August 10, 2020
Author(s)
Scott W. Rose, Oliver Borchert, Stuart Mitchell, Sean Connelly
Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network- based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and

A Document-based View of the Risk Management Framework

August 3, 2020
Author(s)
Joshua Lubell
Cybersecurity professionals know the Risk Management Framework as a rigorous yet flexible process for managing security risk. But the RMF lacks a document focus, even though much of the process requires authoring, reviewing, revising, and accessing plans
Was this page helpful?