Archive for the ‘NSA’ Category

New conference for the nation’s sheep farmers launching this autumn – Farmers Guide

Exciting plans are underway for a National Sheep Association (NSA) event this autumn that will bring together the nation's sheep farmers for a fresh style of enjoyable and informative farming conference.

The new NSA Sheep Farmers Conference will take place on Wednesday 25th October 2023 and, in its inaugural year, will focus on sheep health and its links to sustainability, production and welfare. It will offer a line-up of the most experienced and knowledgeable experts from the UK sheep sector, ready to pass on valuable information through various interactive sessions and networking opportunities. Held at the convenient location of the National Conference Centre, Birmingham, very close to road, rail and air links, the day will be relevant and accessible to delegates from England, Wales, Scotland and Northern Ireland.

The new event will be the headline feature of NSA's Health and Welfare week, starting Monday 23rd October.

NSA Chief Executive Phil Stocker says: "Given the importance of livestock within the one health agenda, and how vital healthy sheep are to productive farming businesses with an eye on sustainability, lower emissions and a wide range of other public goods, we are bursting with plans for the first ever Sheep Health Week. In addition to the face-to-face conference there will be a range of free-to-access web-based activities from Monday 23rd October, including three SHWAP online webinars."

Sheep Health, Wealth and Production (SHWAP) is an online activity organised by NSA South East Region, with three topics covered over three evenings on Monday 23rd, Tuesday 24th and Thursday 26th October. These will complement the conference, picking up additional topics and themes.

Tickets for the conference will be priced to be affordable for all to attend but will be limited in number so farmers are urged to put the date in the diary now and book as soon as tickets are made available in early summer. NSA members will be informed first and get a preferential rate.

Further detail on the conference will be announced soon so keep an eye on our events page.


CISA, NSA push identity and access management framework as risks grow – SC Media

Digital identity compromises are a growing concern and have been tied to massive hacks such as the Colonial Pipeline ransomware incident and the Reddit breach last month.

Coupled with an uptick in reliance on digital transformation and the ubiquity of cloud platforms, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) believe it is time to push framework guidance on identity access management (IAM).

On Tuesday, the two agencies released recommended best practices for infosec professionals who manage digital identities. The 31-page report outlines business processes, policies, and technologies to help shore up government and private-sector security postures. The practice guide, part of the NSA's Enduring Security Framework initiative, was developed through a public-private partnership to help thwart threats facing critical infrastructure and national security systems.

"America's critical infrastructure is a prime target for a broad spectrum of threat sources including advanced and ongoing attacks from nation states and terrorist organizations," according to the paper. IAM weaknesses are frequently exploited in the most insidious threats, APTs, which have led to catastrophic data breaches.

Citing the 2022 Verizon Data Breach Investigation Report, the paper notes that 80% of web application attacks and 40% of breaches leverage stolen credentials, a tactic used by a wide range of threat actors, including nation-state hacking groups, terrorist organizations, hacktivists, and individual operators. In addition, identity management company Okta reported record-high credential-stuffing attacks in its 2022 State of Security Identity Report, detecting almost 10 billion credential-stuffing events across its Auth0 access management platforms in the first 90 days of 2022.

To counter the growing risks, the IAM framework provides practice guidance and mitigations to address threats related to the following five areas: identity governance, environmental hardening, identity federation/single sign-on, multi-factor authentication, and auditing and monitoring around identity access and management tools.

Grant Dasher, from the office of the technical director for cybersecurity at CISA, said the release of the practice guide is "a valuable first step to aid critical infrastructure organizations' effort to assess and strengthen their IAM solutions and processes," and plans for further collaborations to improve the IAM ecosystem.

Besides the Colonial Pipeline incident, there have been several recent and notable attacks that highlight the importance of addressing the digital identity threats against critical infrastructure.

In February 2021, an attacker compromised a computer system in a Florida water treatment plant and tried to increase the levels of certain chemicals in the water supply, which would have posed serious public health and safety concerns. In 2022, a ransomware gang leveraged stolen credentials and targeted another water treatment plant in South Staffordshire, UK, affecting 1.6 million customers and 35,000 businesses.

While SSO and MFA are widely adopted to strengthen and simplify the authentication process, Murali Palanisamy, chief solution officer at AppViewX, said that critical infrastructure should take extra precautions when monitoring implementations as a compromised SSO system in one area can make it easier for an attacker to gain access in other parts of the network.

"This is especially true for critical infrastructure where you would need access using Secure Shell to troubleshoot an access failure. Leveraging Privilege Accessed Management and SSH access using SSH certificates instead of passwords or keys enables the out-of-band authentication for admins and security teams," Palanisamy said.


CISA, NSA Issue Guidance on Identity and Access Management – MeriTalk

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) released new guidance on March 21 that offers system administrators best practices for identity and access management (IAM).

CISA and NSA released the IAM guidance as part of the Enduring Security Framework (ESF), a public-private partnership that aims to address risks that threaten critical infrastructure and national security systems.

IAM is a framework of business processes, policies, and technologies that facilitate the management of digital identities, ensuring that only users with the appropriate credentials gain access to data.

"IAM is a critical part of every organization's security posture, and we must work collectively with the public and private sector to advance more secure by default and secure by design IAM solutions," said Grant Dasher, Office of the Technical Director for Cybersecurity, CISA.

"The ESF's best practices guide is a valuable first step to aid critical infrastructure organizations' efforts to assess and strengthen their IAM solutions and processes," he added. "We look forward to further collaborations with our partners to improve the IAM ecosystem and aid organizations in achieving a more resilient posture."

The guidance's best practices provide system administrators with actionable recommendations to better secure their systems from IAM threats. Specifically, it offers best practices and mitigations to counter threats related to identity governance, environmental hardening, identity federation/single sign-on, multi-factor authentication (MFA), and IAM auditing and monitoring.

It also offers a checklist for actions organizations can take immediately, such as routinely testing and patching your organization's MFA infrastructure; identifying all the local identities on the assets to know who has access to which assets; and determining if your single sign-on integration can collect user context during single sign-on logins including location, device, and behavior.

"Malicious cyber actors attempt to hide their activity by exploiting legitimate credentials, either of authorized personnel or of the systems that act on behalf of legitimate users," said Alan Laing, NSA lead for the IAM working group. "Rigorous identity and access management allows an organization the ability to detect and thwart these actors' persistent efforts to corrupt critical systems and access information of national importance."


ESF Partners, NSA, and CISA Release Identity and Access … – National Security Agency

FORT MEADE, Md. - As part of the Enduring Security Framework (ESF), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published the Recommended Best Practices Guide for Administrators to provide system administrators with actionable recommendations to better secure their systems from threats to Identity and Access Management (IAM).

IAM is a framework of business processes, policies, and technologies that facilitate the management of digital identities. It ensures that users only gain access to data when they have the appropriate credentials.

In 2021, Colonial Pipeline, a major Southeast oil pipeline system, suffered a major ransomware attack, disrupting the oil/gas distribution system and causing long lines at the gas station and consumer panic. Many people know about the attack and the exploitation of the company for money, but many don't realize that the attack happened because of a leaked password, an inactive VPN account, and a lack of multifactor authentication, all of which can be summed up as poor IAM.

"Malicious cyber actors attempt to hide their activity by exploiting legitimate credentials, either of authorized personnel or of the systems that act on behalf of legitimate users," said Alan Laing, NSA lead for the IAM working group. "Rigorous Identity and Access Management allows an organization the ability to detect and thwart these actors' persistent efforts to corrupt critical systems and access information of national importance."

The paper provides best practices and mitigations to counter threats to IAM related to the following five topics:

Identity Governance

Environmental Hardening

Identity Federation/Single Sign-On

Multi-Factor Authentication

IAM auditing and monitoring

"IAM is a critical part of every organization's security posture, and we must work collectively with the public and private sector to advance more secure by default and secure by design IAM solutions," said Grant Dasher, Office of the Technical Director for Cybersecurity, CISA. "The ESF's best practices guide is a valuable first step to aid critical infrastructure organizations' efforts to assess and strengthen their IAM solutions and processes. We look forward to further collaborations with our partners to improve the IAM ecosystem and aid organizations in achieving a more resilient posture."

This release is accompanied by an Identity and Access Management Educational Aid presentation and associated talking points to support organizational technical leaders in explaining to decision makers the benefits of a robust IAM program and the associated risks of not implementing one.

This guidance was developed and published by an NSA- and CISA-led working panel with ESF, a public-private cross-sector partnership that aims to address risks that threaten critical infrastructure and national security systems.

Read the full report here. Visit our full library for more cybersecurity information and technical guidance.

NSA Media Relations, MediaRelations@nsa.gov, 443-634-0721


NSA Hires Record Number of People with Disabilities, Undertakes … – National Security Agency

FORT MEADE, Md. - The National Security Agency (NSA) made further progress in 2022 in its efforts to build and sustain a diverse workforce critical to fulfilling the Agency's foreign signals intelligence and cybersecurity missions. A record 15.6% of new hires in 2022 self-identified as a person with a disability.

"We are proud of our strong hiring program, but that is only the first step in an employee's journey," said Teisha Anthony, Chief of Talent Management. "We need to be equally committed to inclusion and accessibility to fully support the people we bring on board."

The People with Disabilities Employee Resource Group (PWD ERG) recently collaborated with the Cybersecurity Directorate (CSD) to host a panel discussion about ways to boost accessibility to help retain the best and brightest to support NSA's mission.

A representative from the Office of Physical Security said that medical devices have grown increasingly smarter in recent years, which has posed a security challenge that the team is working hard to address: "We're actively engaged with medical device users, the PWD ERG, Research Directorate, and technical subject matter experts from across the Agency to identify and implement new mitigations while providing the greatest possible accommodation for affiliates who rely on these devices for their health and well-being."

In a separate effort, CSD launched a new corporate initiative that offers many printed materials in braille to benefit Agency employees with disabilities. Other NSA organizations have undertaken similar campaigns, heeding the call to ensure reasonable accommodations for every employee.

"Providing support to the PWD population is absolutely critical to the success of NSA's mission," said the chair of the PWD ERG. "There's been a lot of improvement in this space, but there's still room to grow."

"We won't be able to maintain an up-to-date understanding of our adversary without continuing to hire the best and brightest disabled employees."

Learn more about NSA's policies on reasonable accommodations.

Apply now: intelligencecareers.gov/nsa

