Search Publications

Displaying 401 - 425 of 2840

The New NIST Phish Scale, Revealing Why End Users Click

October 22, 2020

Author(s)

Shanee T. Dawkins, Kristen Greene, Jody L. Jacobs

Developed based on over 4 years of NIST phishing training data, the NIST Phish Scale is a DIY method for rating human phishing detection difficulty key to understanding variability in phishing click rates. This talk will cover why users click, why its

Cybersecurity Framework Version 1.1 Manufacturing Profile

October 7, 2020

Author(s)

Keith A. Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, Jeffrey Cichonski, John McCarthy

This document provides the Cybersecurity Framework (CSF) Version 1.1 implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the CSF can be used as a roadmap for reducing cybersecurity risk for manufacturers that

Formal Verification of Bootstrapping Remote Secure Key Infrastructures (BRSKI) Protocol Using AVISPA

October 7, 2020

Author(s)

Monika Singh, Mudumbai Ranganathan

The last decade has seen significant growth in the number of IoT devices. These devices can connect to each other and networks. The process through which a new IoT device connects to the network and subsequently enables its services is called bootstrapping

Security Awareness Training for the Workforce: Moving Beyond "Check-the-box" Compliance

September 30, 2020

Author(s)

Julie Haney, Wayne Lutters

Security awareness training requirements set a minimum baseline for introducing security practices to an organization's workforce. But is simple compliance enough to result in behavior change?

It's the Company, the Government, You and I: User Perceptions of Responsibility for Smart Home Privacy and Security

September 25, 2020

Author(s)

Julie M. Haney, Yasemin Acar, Susanne M. Furman

Smart home technology exposes adopters to increased risk to network security, information privacy, and physical safety. However, users may lack understanding of the privacy and security implications. Additionally, manufacturers often fail to provide

Security and Privacy Controls for Information Systems and Organizations

September 23, 2020

Author(s)

Ronald S. Ross

This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks

Data Integrity Recovering from Ransomware and Other Destructive Events

September 22, 2020

Author(s)

Anne R. Townsend, Timothy J. McBride, Lauren N. Lusty, Julian T. Sexton, Michael R. Ekstrom

Businesses face a near-constant threat of destructive malware, ransomware, malicious insider activities, and even honest mistakes that can alter or destroy critical data. These data corruption events could cause a significant loss to a companys reputation

Vulnerability Trends in Web Servers and Browsers

September 11, 2020

Author(s)

M S Raunak, D. Richard Kuhn, Raghu N. Kacker, Richard Kogut

In previous work we have looked at trends in vulnerabilities due to ordinary programming errors [2, 3]. This analysis focuses on two of the most widely used types of software in today's internet, web browsers and web servers. In addition to reports of

Towards Usable Updates for Smart Home Devices

September 17, 2020

Author(s)

Julie M. Haney, Susanne M. Furman

Smart home device updates are important tools for users to remediate security vulnerabilities and protect devices from future attacks. However, no prior research has been conducted to understand smart home users' perceptions of and experiences with updates

Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)

September 15, 2020

Author(s)

Gema E. Howell, Kaitlin R. Boeckl, Naomi B. Lefkovitz, Ellen M. Nadeau, Joshua M. Franklin, Behnam Shariati, Jason Ajmo, Christopher J. Brown, Spike E. Dog, Frank Javar, Michael Peck, Kenneth F. Sandlin

Mobile devices provide access to vital workplace resources while giving employees the flexibility to perform their daily activities. Securing these devices is essential to the continuity of business operations. While mobile devices can increase efficiency

2019 NIST/ITL Cybersecurity Program Annual Report

August 24, 2020

Author(s)

Patrick D. O'Reilly, Kristina G. Rigopoulos, Larry Feldman, Gregory A. Witte

During Fiscal Year 2019 (FY 2019), from October 1, 2018 through September 30, 2019, the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy

On Data Integrity Attacks against Industrial Internet of Things

August 24, 2020

Author(s)

Hansong Xu, Wei Yu, Xing Liu, David W. Griffith, Nada T. Golmie

Industrial Internet of Things (IIoT) is predicted to drive the fourth industrial revolution through massive interconnection of industrial devices, such as sensors, controllers and actuators, integrating advances in smart machinery and data analytics driven

ARES: Automated Risk Estimation in Smart Sensor Environments

August 17, 2020

Author(s)

Athanasios Dimitriadis, Jose L. Flores, Boonserm Kulvatunyou, Nenad Ivezic, Ioannis Mavridis

Industry 4.0 adoption demands integrability, interoperability, composability, and security. Currently, integrability, interoperability and composability are addressed by next-generation approaches for enterprise systems integration such as model-based