Thursday, December 8, 2022

A Brief Look at Risk-Based Vulnerability Management


 A cybersecurity and IT industry professional, Wayne Nordstrom has held professional roles in cybersecurity over the last decade. As an IT security and vulnerability program manager with Blue Cross Blue Shield, Wayne Nordstrom develops the vision and plans to improve the vulnerability management program consistently.


One efficient way to remedy system and network vulnerabilities in companies is through risk-based vulnerability management. In risk-based vulnerability management, security weaknesses are addressed according to priority. For instance, a security weakness that poses the highest level of danger if exploited can be prioritized and addressed before the next high-priority weakness is identified. Priority can also be based on the probability of an attack.
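The prioritization described above, as an added example that is not part of the original post: a Python sketch that ranks findings by danger if exploited multiplied by probability of attack, and compares the result with an impact-only ordering. The finding names, the 0-10 impact scale, the 0-1 likelihood values, and the multiplication rule are all assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    name: str          # constructed identifier, not a real advisory
    impact: float      # danger if exploited, assumed 0-10 scale
    likelihood: float  # probability of attack, assumed 0-1 estimate

    @property
    def risk(self) -> float:
        return self.impact * self.likelihood


def by_impact(findings):
    """Severity-only ordering: highest danger first, likelihood ignored."""
    return sorted(findings, key=lambda f: f.impact, reverse=True)


def by_risk(findings):
    """Risk-based ordering; ties go to the finding with the higher impact."""
    return sorted(findings, key=lambda f: (f.risk, f.impact), reverse=True)


def remediation_queue(findings, capacity):
    """Split findings into (fix this cycle, deferred) given team capacity."""
    ranked = by_risk(findings)
    return ranked[:capacity], ranked[capacity:]


# Constructed sample data for the example.
FINDINGS = [
    Finding("internal-print-server-rce", 9.8, 0.02),
    Finding("vpn-gateway-auth-bypass", 8.1, 0.90),
    Finding("public-web-sqli", 7.5, 0.60),
    Finding("workstation-local-privesc", 6.0, 0.30),
    Finding("intranet-wiki-xss", 4.3, 0.10),
]

if __name__ == "__main__":
    print("impact only:", [f.name for f in by_impact(FINDINGS)])
    print("risk based: ", [f.name for f in by_risk(FINDINGS)])
    now, later = remediation_queue(FINDINGS, capacity=2)
    print("fix now:", [(f.name, round(f.risk, 2)) for f in now])
    print("deferred:", [f.name for f in later])
```

The highest-impact finding drops to the end of the risk-based queue because its estimated probability of attack is low, which is the reordering the approach is meant to produce.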


Some benefits of risk-based vulnerability management are fast-tracked remediation of immediate and critical risks, broader visibility of the health of digital assets, and real-time protection against threats. Large companies with multiple systems and networks can manage vulnerabilities efficiently through this approach.


Friday, November 4, 2022

An Overview of the Medical Device Discovery Appraisal Program


 Wayne Nordstrom is an IT security expert with a broad range of experience in information security technologies, methodologies, and tools. His expertise includes threat/vulnerability management, remediation planning, and infrastructure penetration testing. In addition to working in various IT security roles, Wayne Nordstrom is a member of ISACA (formerly the Information Systems Audit and Control Association; the organization now goes by its acronym).


ISACA ensures that technology professionals receive the skills, education, and community support they need to advance their careers and organizations. ISACA, the FDA (Food and Drug Administration), and the MDIC (Medical Device Innovation Consortium) unveiled the Medical Device Discovery Appraisal Program (MDDAP) to improve patient safety and device quality. The program helps manufacturers of medical devices understand, measure, and boost their operations to reach best practices.


The MDDAP framework is a customized Capability Maturity Model Integration (CMMI), a model for guiding process improvement, tailored for the medical device industry. Under MDDAP, medical device manufacturers are evaluated on the CMMI appraisal framework to help them identify opportunities for process improvement.

Monday, October 3, 2022

Brief History of The Boston Red Sox


Based in Boston, Massachusetts, Wayne Nordstrom is a licensed cyber security analyst who works at Blue Cross Blue Shield as the IT security and vulnerability program manager. Outside of work, Wayne Nordstrom enjoys playing basketball.


The Boston Red Sox are one of the first teams in Major League Baseball. Upon their founding in 1901, they were initially named the Boston Americans, and in 1907 they adopted their current name. In their founding years, the team played at the Huntington Avenue Grounds until 1912, when they moved to Fenway Park.


Cy Young brought his team a lot of success as the premier pitcher. In 1903, the team won their first World Series, setting them on a path of success. After selling a key player, Babe Ruth, to the New York Yankees in 1920, the team experienced a series of setbacks. The sale also started a rivalry with the Yankees, who seemed to flourish after acquiring the player.


After many years of apparent drought, the Boston Red Sox had a breakthrough in 2004 when they won the World Series and defeated their decades-long rivals, the Yankees, in the American League Championship Series. Although the team suffered a good number of setbacks in subsequent years, like losing 95 games in 2012, it has also recorded a good number of successes.

The team continues to dominate the world of baseball through the years, forging on through the continuous support of fans across the globe, although most are Bostonians.


Friday, September 23, 2022

Ohio Takes Volunteer Approach to Election Hacking Threats

Serving as senior vulnerability risk manager with Blue Cross Blue Shield IT, Wayne Nordstrom handles a wide range of vulnerability issues. Having attended Champlain College, Wayne Nordstrom took advantage of a program that has been designated a Defense Cyber Crime Center (DC3) Air Force Office of Special Investigations’ National Center of Digital Forensics Academic Excellence.


One state that has taken a lead in the fight against cyberattacks is Ohio, which has created a volunteer team of private-sector professionals dedicated to preventing cyberattacks on voting systems. Including employees of companies such as Cisco Systems, the Ohio Cyber Reserve has 80 members and is ready for call-up by the National Guard. As crime-fighting reservists, volunteers provide services one Tuesday per week, and on the weekend as necessary.


The state has the funds to increase the Ohio Cyber Reserve to 200 members, and its creation is a proactive move to ensure that hacking attempts do not ruin the integrity of public elections. At stake is nothing less than American democracy, and a number of state and local governments currently lack the funding to prevent today’s sophisticated hacks. Several states are working to copy this volunteer-driven model and marshal forces against election interference and ransomware hacks.


Thursday, September 8, 2022

A Brief Look at Penetration Testing and Web Application Security


 An experienced cybersecurity specialist, Wayne Nordstrom serves as an IT security and vulnerability program manager at Blue Cross Blue Shield in Boston, where he oversees the development of plans for the program's continuous improvement. Wayne Nordstrom possesses expertise in penetration testing.


Also called a “pen test,” penetration testing evaluates software for vulnerabilities and hidden loopholes that a malicious party could exploit to degrade the efficiency of the software, disable it, or gain unauthorized access to information and control. Penetration testing is performed to help strengthen a web application firewall (WAF), which acts like a security official for a website and prevents malicious data or commands from entering front-end or back-end servers.


A pen test simulates the types of attacks that malicious hackers would most likely use. If the simulated attack successfully bypasses the WAF, the firewall can then be improved to remove the vulnerability. For example, a pen test may subject the firewall to a code injection attack, in which malicious code changes the behavior or features of a website. If such an attack were able to bypass the firewall, the website would change or malfunction, depending on the injected code. The IT security team then prepares the firewall to repel such attacks in the future.


Tuesday, August 30, 2022

Three Baseball Teams With the Most World Series Titles


Wayne Nordstrom is a cybersecurity expert based in Massachusetts. He works as an IT Security & Vulnerability Program Manager at Blue Cross Blue Shield, where he manages the entire lifecycle of vulnerabilities, from discovery through triage, advising, and remediation. In his spare time, Wayne Nordstrom enjoys baseball.


Baseball is one of the most popular sports in the United States. Since its popularization in the 19th century, it has evolved from just a sport played in local towns to a national sport with two major leagues: the National League and the American League.


Major League Baseball is the umbrella body covering the two main leagues where the biggest teams play. Each of these teams competes every year for a chance to win the biggest trophy in Major League Baseball: the World Series Championship. Most of the biggest baseball teams today are recognized by the number of times they have won the Championship trophy.


One of these leading teams is the New York Yankees, who have won the title 27 times since the team's creation in 1901. Another leading team is the St. Louis Cardinals, who have won the World Series 11 times since the team's inception in 1882. The Boston Red Sox are another prominent team with many World Series titles (9).


Friday, August 19, 2022

A Brief Look at Information Security


Based in Greater Boston, Wayne Nordstrom worked as a lead network engineer at Suffolk University, where he was in charge of the campus-wide network infrastructure. In addition, Wayne Nordstrom earned his BS in cybersecurity and digital forensics at Champlain College, which the nation recognizes as a leading force in those fields of study.


As a discipline, cybersecurity deals with the procedures involved in safeguarding systems, networks, and sensitive information from digital attacks. These attacks include phishing, malware, spyware, zero-day exploits, and man-in-the-middle attacks. In addition, cybersecurity has vital components, including network security, operational security, disaster recovery planning, and information security.


Also known as infosec, information security refers to the techniques employed in shielding information from unauthorized access, use, modification, or destruction. The subject matter of this discipline (information) covers a person's intellectual property, personal details, login details, and social media profile, among other aspects. Information security rests on three fundamental principles: confidentiality, integrity, and availability (the CIA triad).


Confidentiality means protecting sensitive information, which the owner restricts to a few people. This includes professional information, bank account details, social media profiles, family information, and email details, to mention a few. Integrity, on the other hand, means keeping the accuracy and entirety of any information intact.


Finally, availability means that the owners of specific pieces of information can access them whenever they desire. However, attackers can attempt to carry out a denial of service (DoS) attack to take down a web server if they fail to jeopardize the confidentiality and integrity principles. As a result of the attack, an authorized website owner can lose access to their site due to unavailability.

Tuesday, August 9, 2022

About the National Centers of Academic Excellence in Cybersecurity


 The IT Security and Vulnerability program manager at Blue Cross Blue Shield in Boston, Massachusetts, Wayne Nordstrom, earned his BS in cybersecurity and digital forensics from Champlain College in Burlington, Vermont. Wayne Nordstrom’s alma mater is a designated National Center of Academic Excellence in Cyber Defense Education (NCAE-CD), a component of the National Centers of Academic Excellence in Cybersecurity (NCAE-C) program.


The Department of Homeland Security and the National Security Agency (NSA) sponsor the NCAE-C program. The NSA’s National Cryptologic School manages the program with federal partners, including the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the National Science Foundation, and US Cyber Command.


The program aims to shepherd a participatory cybersecurity educational program with institutions of higher learning that sets yardsticks for academic excellence and cybersecurity curriculum, incorporates student and faculty competency development, and ardently participates in addressing issues confronting cybersecurity education. The promotion of expertise and higher education in cybersecurity intends to lessen vulnerability in the country’s national information infrastructure.