Working With the Department of Defense in 2020? Start Planning for the New Certification.

November 5, 2019

In what is certain to be a wakeup call for many organizations involved in Department of Defense contracts, The Cybersecurity Maturity Model Certification (CMMC) is set to become a part of life in 2020. Much like previous requirements, the CMMC requirements will also apply to subcontractors, and all Requests for Proposal (RFPs) will require CMMC…

Read

The Three Step Security Strategy

October 8, 2019

Why Does Strategy Matter? The term ‘security strategy’ can be ambiguous and often means different things to different people. Because of this, many organizations do not have a formalized security strategy and those that do may not have an effective one. This is understandable. Managing the day-to-day issues associated with a security program (alerts, audits,…

Read

Big Changes in Store for PCI DSS v4.0, and More!

September 20, 2019

This week I attended the PCI North American Community Meeting. If you are in the payment security space and haven’t been to a community meeting, I would recommend that you put this on your conference schedule. It’s great to connect with like-minded individuals, including card brands, banks, large customers, vendors, and yes, assessors – both internal (ISAs)…

Read

Attacks on the Rise Through Office 365

September 17, 2019

Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet Security…

Read

PCI Requirements 101

September 12, 2019

Having completed several PCI-DSS (Payment Card Industry – Data Security Standard) Reports on Compliance (RoCs) over the past couple of years, I have noticed a consistent pattern on the items needed for the 12 requirements. I have found that there are three basic components to most if not all PCI requirements: Documentation (Policies, Standards, and…

Read

Top 10 MITRE ATT&CK™ Techniques

August 22, 2019

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available to any person or organization for use at no charge.” One of the most beautiful parts of the MITRE ATT&CK™ Framework is that its information can be analyzed to…

Read
state of ohio seal blog graphic

Is Ohio Senate Bill 220 an Example for the Other 49 States?

May 16, 2019

Passing with 24 yeas and 8 nays, effective as of November 2, 2018, Ohio Senate Bill 220 was touted as a way to use the ‘carrot approach’ for organizations to increase cybersecurity. This incentive was to encourage the shielding of data breach liability for organizations in certain situations. Excerpts from the bill are provided below….

Read
6 crucial network segmentation actions graphic

Six Crucial Network Segmentation Actions

March 26, 2019

We are constantly barraged with new technologies and techniques for securing the enterprise. Every new thing we are told is crucially important, and if you don’t master all of it now, you are the next breach headline. It is intimidating to say the least. It is easy to look past the basics of securing the…

Read
security risk graphic

Top Six Security and Risk Management Questions

March 12, 2019

Recently, Gartner put out a report on the top 10 inquiries regarding security projects. The report is based on their analysis of over 10,200 client interactions covering relevant security and risk management topics from July 2018 through January 2019 (see the research here). Interestingly enough, Trustedsec has heard similar inquiries regarding product offerings in discussions…

Read
blog icon header

Current Security Trends in 2019

February 7, 2019

As the information security industry continues to mature, several things have changed, but many of the fundamental issues remain—even in the face of new technologies, threats, and regulations. Understanding and responding to current trends provides the opportunity for security and risk management leaders to better improve security, increase resiliency, and support the business. With renowned…

Read
  • Browse by Category

  • Clear Form