Nine Things to Know About the CMMC

November 10, 2020
The Cybersecurity Maturity Model Certification (CMMC) (https://www.acq.osd.mil/cmmc/) is a program being developed to help ensure that specific types of unclassified data that exist outside of government systems remain adequately protected. Specifically, the CMMC applies to Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in non-government systems. Eventually, this certification program will replace the process...

Two Simple Ways to Start Using the MITRE ATT&CK Framework

August 25, 2020
While there is a wealth of free information intended to help larger organizations use the MITRE ATT&CK™ Framework, these resources often assume that the reader has dedicated security teams, deep technical skills, and/or a catalog of supporting security tools. But what if small organizations, compliance teams, or risk management professionals want to leverage ATT&CK? Never...

Want Better Alerting? Consider Your Business Processes

May 19, 2020
Logging, monitoring, and alerting programs are some of the most critical elements of any security and compliance program, but traditional approaches for implementing and upgrading these capabilities are often noisy, expensive, and laborious.
Traditional Alerting Approaches are Failing
During program assessments, we find that a lot of clients are generating so many alerts that they...

Vendor Enablement: Rethinking Third-Party Risk

April 30, 2020
Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning more, you find out the breach was the result of a vendor. When you depend on another organization for a critical business process and allow them access to your network,...

Is Zoom’s Lack of End-To-End Encryption a Problem?

April 2, 2020
All of the work-from-home activity coupled with all of the media about Zoom’s lack of end-to-end (E2E) encryption has resulted in a few clients asking us if Zoom can still be trusted to host meetings.
It’s not exactly as they portray
For those of you catching up, Zoom’s privacy and security have been the target...

Understanding New York’s SHIELD Act

April 1, 2020
While the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) get a lot of attention, New York should not be left out. In effect beginning on March 21, 2020, the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act (https://www.nysenate.gov/legislation/bills/2019/s5575) places additional security and privacy requirements on organizations that possess...