Cynthia Brumfield
Cynthia Brumfield is a veteran communications and technology analyst who is currently focused on cybersecurity. She runs a cybersecurity news destination site, Metacurity.com, consults with companies through her firm DCT-Associates, and is the author of the book published by Wiley, Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework.
Election security, misinformation threats loom large ahead of the US midterms
The FBI and CISA say election infrastructure is secure, but threat actors have other ways to undermine confidence in the US midterm elections.
US CISA reaches a new maturity level with its comprehensive strategic plan
The new plan aims to make the cybersecurity agency more efficient and to create a "whole of nation" approach to protecting the United States from cyberattacks.
New US DHS grant program can boost local governments’ cybersecurity strength
The cybersecurity grant program is designed to initiate state and local governments projects but does not provide ongoing operating funds.
Recent cases highlight need for insider threat awareness and action
Insider threats can have a devastating impact even if the harm is unintentional. Here's advice to identify and mitigate insider threat risk.
D&O insurance not yet a priority despite criminal trial of Uber’s former CISO
The cost is too high and the risk too low to offer CISOs directors-and-officers insurance at many companies. Protective governance policies might make more sense.
International cooperation is key to fighting threat actors and cybercrime
Western intelligence and national security leaders emphasize the importance of collaborating to better prepare and respond to cybersecurity threats.
US OMB releases guidance on federal agency software security requirements
The guidance aims to improve the security of software federal agencies use, but expects self-attestation for compliance.
U.S. government offensive cybersecurity actions tied to defensive demands
Current and former U.S. government officials explain the country's "defense forward" and offensive cybersecurity policies and their risks.
CISA launches incident, ransomware reporting rulemaking RFI
The U.S. Cybersecurity and Infrastructure Security Agency seeks input on a common set of cybersecurity incident reporting regulations.
Russia-linked cyberattacks on Ukraine: A timeline
Cyber incidents are playing a central role in the Russia-Ukraine conflict. Here's how events are unfolding along with unanswered questions.
NIST CSF 2.0 Workshop emphasizes global appeal, metrics and assessment
About 7,000 international workshop attendees heard discussions of NIST's plans for Cybersecurity Framework 2.0, which aims to offer more guidance on supply chain security, measurement, and implementation, among other topics.
FTC begins sweeping commercial surveillance and lax data security rulemaking process
While some praise the FTC's efforts, some in Congress worry that it overlaps with and possibly jeopardizes the passing of the American Data Privacy and Protection Act.
How a Venezuelan disinformation campaign swayed voters in Colombia
A Black Hat presentation explains how Russia-aligned Venezuela influenced the presidential election in Colombia to its political benefit.
How harm reduction can more effectively reduce employee risky behavior
Black Hat speaker proposes framework to reduce the negative consequences of risky user actions and encourage them to follow security's advice.
The Secret Service’s missing text messages: Lessons for IT security
The drama in Washington shines a light on the challenges in securing mobile communications and the role that document destruction and retention policies play in organizational security.
Spyware infections continue as the U.S. federal government takes notice
As more high-profile instances of spyware misuse come to light, the U.S. government begins to take action to address the threat.
Spate of pending U.S. privacy initiatives could significantly impact businesses
Bolstered by the overturned Roe v. Wade decision, several privacy initiatives could force businesses to review how they process, store, and protect data.
Cyber Safety Review Board warns that Log4j event is an “endemic vulnerability”
The CSRB report predicts the Log4J risk will continue for years and offers best practices for mitigating the threat.
U.S. NDAA heads into the home stretch with significant cybersecurity amendments pending
The main defense spending bill might enact the most significant pieces of U.S. cybersecurity legislation this year.