Using Effectiveness Assessments to Identify Quick Wins

June 23, 2020

An organization’s overall security posture can be viewed from multiple different angles, such as technical assessments, program assessments, controls assessments, and risk assessments. A number of different frameworks for each of these assessment types exist, intended to help both technical teams as well as leadership organize security program building activities. Some of these include: Penetration…

Read

20 Tips for Certification Success

June 2, 2020

Over the years, it has been my experience that industry certifications have become standard for job consideration and/or advancement for many technical positions. This is, of course, in addition to having experience in the particular field. I obtained my first (modern-day) technical certification in 2014. It was the System Security Certified Practitioner (SSCP) offered by…

Read

Understanding New York’s SHIELD Act

April 1, 2020

While General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) get a lot of attention, New York should not to be left out. In effect beginning on March 21, 2020, the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act (https://www.nysenate.gov/legislation/bills/2019/s5575) places additional security and privacy requirements on organizations that possess…

Read

Working With the Department of Defense in 2020? Start Planning for the New Certification.

November 5, 2019

In what is certain to be a wakeup call for many organizations involved in Department of Defense contracts, The Cybersecurity Maturity Model Certification (CMMC) is set to become a part of life in 2020. Much like previous requirements, the CMMC requirements will also apply to subcontractors, and all Requests for Proposal (RFPs) will require CMMC…

Read
state of ohio seal blog graphic

Is Ohio Senate Bill 220 an Example for the Other 49 States?

May 16, 2019

Passing with 24 yeas and 8 nays, effective as of November 2, 2018, Ohio Senate Bill 220 was touted as a way to use the ‘carrot approach’ for organizations to increase cybersecurity. This incentive was to encourage the shielding of data breach liability for organizations in certain situations. Excerpts from the bill are provided below….

Read
NIST logo

Highlights from the NIST Cybersecurity Risk Management Conference

November 20, 2018

NIST hosted a CyberSecurity Risk Management Conference from November 8th through the 10th.  The event was expanded and improved from previous NIST workshops, which were more government focused. Thus for this conference, they wanted the same spirit of gaining stakeholder input on the frameworks and general cybersecurity areas, but with a much greater attendance and…

Read
US Capitol Building icon

NIST Guidance for Small Business Forthcoming

September 27, 2018

The National Institute for Standards and Technology, usually referred to as NIST, has many valuable resources, including resources for computer security. The NIST Cybersecurity Framework (NIST CSF) and the NIST 800 series are familiar to most people in the information security industry. The NIST standards are commonly used not only by organizations that are bound…

Read

Continual compliance

May 14, 2015

So much has been written on security versus compliance and continual compliance that it seems at times that discussing it is beating a dead horse. That being said, it is a dead horse that needs to be beaten, as we continuously come across situations where organizations find themselves in a mad dash to get into…

Read
  • Browse by Category

  • Clear Form