"CISA Begins Cataloging, Publicizing Bad Cyber Practices"

The U.S. Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) is cataloging bad cybersecurity practices to help critical infrastructure providers improve the prioritization of their cybersecurity responsibilities. The list will be updated based on cybersecurity professionals' feedback. Recent events have brought further attention to the significant impact that cyberattacks against critical infrastructure can have on essential functions of government and the private sector. Organizations, especially those designated as National Critical Functions (NCF), must implement effective cybersecurity programs to manage cyber risks and defend against cyber threats. According to CISA, bad cyber practices in an organization that supports NCFs are dangerous because any disruption, corruption, or dysfunction to its systems could weaken security, national economic security, national public health, and national public safety. The bad practices catalog currently only includes two practices. These practices involve the use of unsupported software and fixed default passwords and credentials in service of NCFs. This article continues to discuss the purpose and current status of CISA's bad practices catalog.

MeriTalk reports "CISA Begins Cataloging, Publicizing Bad Cyber Practices"